I've had a few security problems with a server of mine, a few SSH users have been setting up fires aka giving problems.
I would like to:
I am not much of a sys admin and I am quite inexperienced in this matter, so any kind of advice would be very welcome and very helpful. :)
Since we're talking about SSH servers, I will give you command line solutions.
Track user logins and logouts. That's easy, the file /var/log/auth.log should have this information.
Track activity of those users: If they are fairly innocent, you can check the file .bash_history in their home dir. You will see a list of the commands that they executed. The problem is of course that they can delete or edit this file.
Prevent users from deleting logs: Users shouldn't be able to touch auth.log. In order to stop them from playing with .bash_history you need to do a couple of tricks.
What if the user manages to obtain root access? : You're screwed. Unless they make a mistake they will be able to hide all their footsteps.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다