User Accounting   «Prev  Next»

Process User Auditing in RedHat Linux

  1. last | less: Tells where a user has been logged in from.
  2. sa | less: Summarizes accounting information on each process.
  3. lastcomm user | less: Displays all processes executed by a specified user.
  4. dump_acct | less: Provides a complete dump of the process accounting file.
  5. sa --user-summary | head: Shows summarized resource usage.
  6. ac -p: Shows how long a user has been connected since the last log rotation.

Managing Identities with FreeIPA

The FreeIPA project ( aims at providing software to manage security information across an entire enterprise or other computing environment. The "IPA" part of FreeIPA stands for identity (identifying and authenticating users and machines), policy (settings for access control of applications and machines), and audit (methods for collecting and auditing security events, logs, and user activities).
The "identity" area of FreeIPA represents the first set of FreeIPA features to be implemented. If you want to centralize management of security information, you can try these features in Fedora 11. You can use this first release of FreeIPA to configure IPA servers for user identity management and centralized authentication. Then use FreeIPA clients to work with that information. The software features that FreeIPA works with in this initial release include:
  1. Linux Fedora
  2. Network Time Protocol (NTP) Daemon
  3. Domain Name System (DNS) Daemon
  4. Fedora Directory Server
  5. Kerberos Key Distribution
CAUTION: Note that FreeIPA modifies the services just mentioned, so it is best to try FreeIPA only on test systems. In other words, don't use FreeIPA on your production servers. (For RHEL, you can also use Enterprise IPA from Red Hat. See for details.)