
UNIX and fascist logging

 


neoice
So I've got a server set up as a development / sysadmin sandbox. It's part of a project to teach myself and design a system for a future small business. For a business application, I want to implement fascist logging. I want to know what every user is doing at any given time. I also want more in-depth system logging, such as bandwidth usage and system resources. I don't really have any idea where to start. I'm sure a lot of this has all been done before and would probably work better than me hacking together assorted Python and shell scripts to get the job done.

Does anyone have any ideas / thoughts / links?
Studio Madcrow
You really shouldn't even try. Such systems are evil.
Stubru Freak
I don't think it's in the spirit of Linux, so I would guess it doesn't exist.
MrBlueSky
Install and enable process accounting with the 'acct' package: http://savannah.gnu.org/projects/acct/

Besides that, all the information you want can be gathered with standard unix commands, and from the logfiles. Familiarize yourself with your system's log facility (syslog or syslog-ng), and know how to use commands like top, ntop, ps, w, etc.

Also have a look at tools like tcpdump (or, preferably, wireshark) and snort to monitor network traffic in detail. To analyze not only realtime traffic, but log all traffic, install ulogd and enable its pcap plugin to have it save all traffic in tcpdump and wireshark compatible format.

And I disagree with the previous posts. To keep your system secure you NEED to know what is going on, if necessary in great detail. That's why unix/linux has a large amount of standard commands and facilities to achieve this. Also, to gain knowledge about securing a system there is only one way to go: trying and practice.
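
Added example, not part of the original thread: a per-user summary built from the `lastcomm` output of the acct package recommended above. The function name, the output format and the sample records are constructed for illustration; on a live system with process accounting enabled you would run `lastcomm | summarize_lastcomm`.

```shell
#!/bin/sh
# Summarize process-accounting records per user: how many commands each
# account ran, total CPU seconds, and how many ran with superuser rights.

# Constructed sample in lastcomm's column layout:
#   command  flags  user  tty  cputime "secs"  start-time
# Flags (S = run by superuser, F = fork without exec, X = killed by SIGTERM)
# are frequently blank, so the user column is not always field 3.
sample_lastcomm() {
cat <<'EOF'
sshd             S     root     __         0.01 secs Mon Mar  3 10:14
bash              F    alice    pts/0      0.00 secs Mon Mar  3 10:15
vim                    alice    pts/0      0.12 secs Mon Mar  3 10:16
python3                bob      pts/1      1.50 secs Mon Mar  3 10:17
tcpdump          S     root     pts/2      0.30 secs Mon Mar  3 10:18
python3             X  bob      pts/1      0.25 secs Mon Mar  3 10:19
EOF
}

summarize_lastcomm() {
    awk '
    {
        # Anchor on the literal "secs" token and count backwards from it,
        # because a blank flags column shifts every field to the left.
        for (i = 5; i <= NF; i++) if ($i == "secs") break
        if (i > NF) next                 # not an accounting record
        user = $(i-3); cpu = $(i-1)
        count[user]++
        total[user] += cpu
        # Anything between the command name and the user is a flag group.
        for (j = 2; j <= i - 4; j++)
            if (index($j, "S")) { su[user]++; break }
    }
    END {
        for (u in count)
            printf "%s commands=%d cpu_secs=%.2f superuser=%d\n",
                   u, count[u], total[u], su[u]
    }' | sort
}

# Stand-alone demonstration on the constructed sample.
sample_lastcomm | summarize_lastcomm
```

Run from cron and sent to syslog, a summary like this gives a daily baseline per account, so an unusual jump in command count or superuser executions stands out.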