User Accounting  «Prev   Next»

Lesson 3Redhat Process Accounting
ObjectiveDescribe Redhat Process Accounting

Process User Accounting in Red Hat Linux

Process accounting maintains an account of every process ever executed. Process accounting must be compiled into the kernel and enabled once installation is complete. You can do this easily by installing the required RPM psacct. Once installed, you will need to enable psacct by either issuing the accton command or configuring the system initialization file /etc/rc.d/rc.sysinit.
If you wish to disable process accounting, simply issue the accton command without any arguments.
The following SlideShow provides an example of how to install the RPM to enable and disable process accounting.
The default Red Hat Linux kernel comes precompiled with process accounting turned on.
If you later recompile your kernel, leave the BSD Process Accounting (under General Setup) enabled.

Question: Once you have installed process accounting, what command do you type to enable it?

Answer: [redhat@localhost redhat]$ accton /var/log/pacct

Process Accounting

Process accounting is a security method in which an administrator may keep track of system resources used and their allocation among users, provide for system monitoring, and minimally track a user's commands. Process accounting has both positive and negative points. One of the positives is that an intrusion may be narrowed down to the point of entry. A negative is the amount of logs generated by process accounting, and the disk space they may require. This section walks an administrator through the basics of process accounting.

RPM installation
The next lesson explains process auditing.