Tool for tracking user's usage of a Linux system

I am looking for a tool that monitors my system and informs me when a user logs in... someone attempts to login, etc. I know I can create a cron job to check "who" or "w" every so often but I was wondering if anyone was aware of a more proactive approach and/or tool.

crontab system-administration

asked 10 Jun '10, 15:10

Andy
297●2●9●20
accept rate: 14%

Also discovered: http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html

(10 Jun '10, 20:50) Andy

5 Answers:

oldest newest most voted

Depending on what kind of notification you're looking for, whowatch should accomplish what you'd like:

Whowatch is an console, interactive users and process monitoring tool. It displays information about the users currently logged on to the machine, in real-time. Besides standard informations (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown.

--jeremy

link

answered 10 Jun '10, 15:17

jeremy ♦♦
1.0k●1●5●16
accept rate: 37%

Jeremy, this is an excellent tool! Thanks for sharing this! - Andy

(10 Jun '10, 15:26) Andy

does this tool provide any notification facility other than staring at the screen?

(11 Jun '10, 09:08) pmarini

It does not provide any notification facility. If that's a requirement, I'd recommend something like logwatch.

(11 Jun '10, 13:13) jeremy ♦♦

You can put the following script into .bashrc of the user you intend to monitor. It alerts via email only on a successful attempt. This is especially useful for the root account.

echo 'ALERT - Shell Access on:' date who | mail -s "Alert: Access from who | cut -d"(" -f2 | cut -d")" -f1" admin@domain

Replace admin@domain with the email address of user who is to receive the update.

Alternatively, you can use logwatch which parses through your system's logs and creates a report analyzing areas that you specify.

link

answered 11 Jun '10, 01:35

Ricky Wee
71●1●3
accept rate: 0%

acct

Description: The GNU Accounting utilities for process and login accounting GNU Accounting Utilities is a set of utilities which reports and summarizes data about user connect times and process execution statistics.

"Login accounting" provides summaries of system resource usage based on connect time, and "process accounting" provides summaries based on the commands executed on the system.

The 'last' command is provided by the sysvinit package and not included here. Homepage: http://www.gnu.org/software/acct/

link

answered 12 Aug '10, 01:46

craigevil
116●2
accept rate: 6%

0	You can have a script tail the secure log file, and take action based on that info. Not sure how proactive you're looking for. link answered 10 Jun '10, 20:43 rfelsburg ♦ 606●1●6●18 accept rate: 25%

you might want to check-out a proper auditing system, like Linux Audit & IDS (http://people.redhat.com/sgrubb/audit/), these kind of solutions might take a little more to configure but they are definitely the most complete and precise ones. the above link refers to the Fedora contributed package, but I've read that it's based on features found in Kernel 2.6 anyway

link

answered 11 Jun '10, 09:06

pmarini
286●2●16
accept rate: 28%

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

system-administration ×8
crontab ×7

Asked: 10 Jun '10, 15:10

Seen: 3,642 times

Last updated: 12 Aug '10, 01:46

Please note that LinuxExchange will be shutting down on December 31st, 2016. Visit this thread for additional information and to provide feedback.

Tool for tracking user's usage of a Linux system

Follow this question

Related questions