Logging changes made on VPS.

So, context:

I'm buying an application (expensive af), that requires the vendor to have access to the server for him to install it.

Is there a way to keep comprehensive logs of what he does in the server? I'd like to know everything he does. CentOS 6, if it matters.

Comments

  • varunchopra said: I'm buying an application (expensive af), that requires the vendor to have access to the server for him to install it.

    You're gonna have a bad time. WHMCS and SolusVM don't even require this

  • @doughmanes said:

    varunchopra said: I'm buying an application (expensive af), that requires the vendor to have access to the server for him to install it.

    You're gonna have a bad time. WHMCS and SolusVM don't even require this

    This thread has literally nothing to do with hosting.

  • MasonRMasonR Community Contributor
    edited March 2017

    Possibly auditd? Never used myself so not too sure about its capabilities or ease of use/configuration.

    https://linux.die.net/man/8/auditd

  • varunchopra said: This thread has literally nothing to do with hosting.

    Trying to point out your literal bad decision to let a developer access your server to set up something which documentation should be able to do.

  • @doughmanes said:

    varunchopra said: This thread has literally nothing to do with hosting.

    Trying to point out your literal bad decision to let a developer access your server to set up something which documentation should be able to do.

    Who said there's documentation?

    @MasonR said:
    Possibly auditd? Never used myself so not too sure about its capabilities or ease of use/configuration.

    https://linux.die.net/man/8/auditd

    I've seen this but it isn't particularly friendly or readable.
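
Added example, not part of any post in this thread: a small parser that turns raw auditd `execve` records into one readable line per command for a single login user. The login uid 1001, the rule key `vendor` and the sample records are constructed assumptions.

```shell
# Added example. Rule the parser assumes is loaded (vendor login uid 1001 and
# the key name "vendor" are assumptions):
#   auditctl -a always,exit -F arch=b64 -S execve -F auid=1001 -k vendor
# auid is the login uid: it stays 1001 after su/sudo, while uid becomes 0.

sample_audit_log() {   # constructed, abbreviated records in audit.log format
cat <<'EOF'
type=SYSCALL msg=audit(1489260730.101:412): arch=c000003e syscall=59 success=yes exit=0 pid=2140 auid=1001 uid=0 euid=0 tty=pts0 ses=7 comm="yum" exe="/usr/bin/python" key="vendor"
type=EXECVE msg=audit(1489260730.101:412): argc=4 a0="yum" a1="-y" a2="install" a3="httpd"
type=SYSCALL msg=audit(1489260733.557:413): arch=c000003e syscall=59 success=yes exit=0 pid=2150 auid=500 uid=500 euid=500 tty=pts1 ses=8 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1489260733.557:413): argc=1 a0="ls"
type=SYSCALL msg=audit(1489260741.020:414): arch=c000003e syscall=59 success=yes exit=0 pid=2163 auid=1001 uid=0 euid=0 tty=pts0 ses=7 comm="chmod" exe="/bin/chmod" key="vendor"
type=EXECVE msg=audit(1489260741.020:414): argc=3 a0="chmod" a1="4755" a2="/opt/app/helper"
EOF
}

vendor_cmds() {   # usage: vendor_cmds LOGFILE KEY   (LOGFILE "-" reads stdin)
    awk -v key="$2" '
    {   # event id is the text between "msg=audit(" and ")"
        s = index($0, "msg=audit("); if (!s) next
        id = substr($0, s + 10); id = substr(id, 1, index(id, ")") - 1)
    }
    $1 == "type=SYSCALL" && index($0, "key=\"" key "\"") {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^auid=/) auid[id] = substr($i, 6)
            if ($i ~ /^uid=/)  uid[id]  = substr($i, 5)
        }
        tagged[id] = 1
    }
    $1 == "type=EXECVE" && (id in tagged) {
        # arguments containing spaces are hex-encoded by auditd; shown as-is
        cmd = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^a[0-9]+=/) {
            v = $i; sub(/^a[0-9]+=/, "", v); gsub(/"/, "", v)
            cmd = cmd (cmd == "" ? "" : " ") v
        }
        split(id, p, ":")
        printf "%s auid=%s uid=%s %s\n", p[1], auid[id], uid[id], cmd
    }' "$1"
}

sample_audit_log | vendor_cmds - vendor
```

On the server itself, `ausearch -k vendor -i` gives auditd's own interpreted view of the same records.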

  • WSSWSS Member

    bash? You can get command-line level from running 'script', it's builtin.

    latty% script
    Script started, file is typescript
    latty% echo i am a weenor
    i am a weenor
    latty% fdisk -l
    fdisk: cannot open /dev/ram0: Permission denied
    fdisk: cannot open /dev/ram1: Permission denied
    fdisk: cannot open /dev/ram2: Permission denied
    fdisk: cannot open /dev/ram3: Permission denied
    fdisk: cannot open /dev/ram4: Permission denied
    fdisk: cannot open /dev/ram5: Permission denied
    fdisk: cannot open /dev/ram6: Permission denied
    fdisk: cannot open /dev/ram7: Permission denied
    fdisk: cannot open /dev/ram8: Permission denied
    fdisk: cannot open /dev/ram9: Permission denied
    fdisk: cannot open /dev/ram10: Permission denied
    fdisk: cannot open /dev/ram11: Permission denied
    fdisk: cannot open /dev/ram12: Permission denied
    fdisk: cannot open /dev/ram13: Permission denied
    fdisk: cannot open /dev/ram14: Permission denied
    fdisk: cannot open /dev/ram15: Permission denied
    fdisk: cannot open /dev/sda: Permission denied
    fdisk: cannot open /dev/mapper/cryptswap1: Permission denied
    latty% exit
    Script done, file is typescript
    latty% more typescript 
    Script started on Sat 11 Mar 2017 11:32:10 AM PST
    %                                                               
    latty% echo i am a weenor
    i am a weenor
    %                                                               
    latty% fdisk -l
    fdisk: cannot open /dev/ram0: Permission denied
    fdisk: cannot open /dev/ram1: Permission denied
    fdisk: cannot open /dev/ram2: Permission denied
    fdisk: cannot open /dev/ram3: Permission denied
    fdisk: cannot open /dev/ram4: Permission denied
    fdisk: cannot open /dev/ram5: Permission denied
    fdisk: cannot open /dev/ram6: Permission denied
    fdisk: cannot open /dev/ram7: Permission denied
    fdisk: cannot open /dev/ram8: Permission denied
    fdisk: cannot open /dev/ram9: Permission denied
    fdisk: cannot open /dev/ram10: Permission denied
    fdisk: cannot open /dev/ram11: Permission denied
    fdisk: cannot open /dev/ram12: Permission denied
    fdisk: cannot open /dev/ram13: Permission denied
    fdisk: cannot open /dev/ram14: Permission denied
    fdisk: cannot open /dev/ram15: Permission denied
    fdisk: cannot open /dev/sda: Permission denied
    fdisk: cannot open /dev/mapper/cryptswap1: Permission denied
    %                                                               
    latty% exit
    
    Script done on Sat 11 Mar 2017 11:32:31 AM PST
    latty%  
    
    Thanked by 2eastonch ehab
  • @WSS said:
    bash? You can get command-line level from running 'script', it's builtin.

    Was just about to suggest this.

  • FlamesRunnerFlamesRunner Member
    edited March 2017

    @varunchopra

    Use tripwire/aide -- I get comprehensive logs that tell me what's been modified in my servers.

  • varunchopravarunchopra Member
    edited March 2017

    @WSS said:
    bash? You can get command-line level from running 'script', it's builtin.

    Looking for something way more detailed. The guy's gonna be making a lot of changes, and I need to see what, when and how things were happening.

    FlamesRunner said: Use tripwire/aide -- I get comprehensive logs that tell me what's been modified in my servers.

    Tripwire seems neat. Will check it out.

  • edited March 2017

    @varunchopra said:
    Looking for something way more detailed. The guy's gonna be making a lot of changes, and I need to see what, when and how things were happening.

    Make them use a configuration management tool. It makes zero sense to be installing any complex and expensive software manually on each server you run. Audit before the fact, not after it.

  • I recommend tripwire.

  • WSSWSS Member

    Also, set up a slave for SQL/etc if you want to see what's going on there. Set up a filesystem that takes snapshots and take one before he starts.

  • YuraYura Member

    Be like this guy

  • ehabehab Member

    @Yura said:

    did you ever watch tim and eric awesome show?

  • WSSWSS Member

    Thanked by 1ehab
  • @WSS said:
    Also, set up a slave for SQL/etc if you want to see what's going on there. Set up a filesystem that takes snapshots and take one before he starts.

    Did it.

    Also set up Tripwire.

    Time to wait in the bushes now. B)

    Thanked by 1WSS
  • YuraYura Member

    @ehab said:

    @Yura said:

    did you ever watch tim and eric awesome show?

    Nope, but I'm willing to give it a try if you recommend it. It will go right after that Reno 911 show I'm getting my hands on :)

    Thanked by 1WSS
  • ehabehab Member

    @Yura said:

    you'll never be the same again :) lol

    check it out ;)

    Thanked by 1Yura
  • WSSWSS Member

    I've never watched T&E, because I think Cartoon Network and the shows on there are generally by-and-for burnouts. However, I am on the internet so I know most of the memes.

  • Here's an idea, it's so crazy that it might even work:

    • install your VPS
    • create a remote git repository
    • clone this repository at the root of your VPS
    • add everything under root git add -A /
    • commit
    • push to the origin git repository

    Once the vendor is done with their installation, git status at the root of the VPS will tell you exactly what they have done.

  • WSSWSS Member

    @quicksilver03 said:
    Here's an idea, it's so crazy that it might even work

    Same, but dd the disk image to a file, then do a dd state-n-compare between the local drive and the stored image.
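
Added example, not part of any post in this thread: the baseline-then-compare idea behind the tripwire/aide, git and dd suggestions above, reduced to a manifest of hash, mode and owner per file. The sample tree and file names are constructed; GNU coreutils (`sha256sum`, `stat -c`) are assumed.

```shell
# Added example: manifest lines are "sha256 mode:owner:group path".
# Assumes GNU coreutils; file names must not contain newlines.
snapshot() {   # usage: snapshot DIR > manifest
    ( cd "$1" && find . -xdev -type f -exec sh -c '
        for f; do
            printf "%s %s %s\n" "$(sha256sum < "$f" | cut -d" " -f1)" \
                "$(stat -c %a:%U:%G "$f")" "$f"
        done' sh {} + | sort -k3 )
}

compare() {   # usage: compare OLD_MANIFEST NEW_MANIFEST
    awk '
    { p = $0; sub(/^[^ ]+ [^ ]+ /, "", p) }          # p = path (may contain spaces)
    NR == FNR  { hash[p] = $1; meta[p] = $2; next }  # first file is the baseline
    { seen[p] = 1 }
    !(p in hash)  { print "ADDED   " p; next }
    hash[p] != $1 { print "CONTENT " p }
    meta[p] != $2 { print "PERMS   " p " " meta[p] " -> " $2 }
    END { for (p in hash) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

demo() (   # constructed sample tree standing in for the VPS root
    d=$(mktemp -d) || exit 1
    mkdir "$d/root" && cd "$d/root" || exit 1
    echo 'PermitRootLogin no' > sshd_config; echo old > motd; echo x > helper
    chmod 755 helper
    snapshot . > ../before
    # changes made during the "installation"
    echo 'PermitRootLogin yes' > sshd_config
    rm motd; echo new > app.conf; chmod 4755 helper
    snapshot . > ../after
    compare ../before ../after
    cd / && rm -rf "$d"
)

demo
```

Keep the baseline manifest off the server: whoever has root on the box can rewrite anything stored on it.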

  • YuraYura Member
    edited March 2017

    Windows is leaps and bounds ahead of Linux in this game: myriads of keyloggers and RATs with screen recording at your disposal. Really, linux, wtf is your problem?!

    Thanked by 2WSS deadbeef
  • WSSWSS Member

    @Yura said:
    Windows are leaps and bounds ahead of Linux in this game with myriads of keyloggers and RATs with screen recording at your disposal. Really, linux, wtf is your problem?!

    There are tools available. Check out the Vault 7 Repo. You might need to apply for commit access.

    Thanked by 2Yura deadbeef
  • YuraYura Member

    @WSS said:

    @Yura said:
    Windows are leaps and bounds ahead of Linux in this game with myriads of keyloggers and RATs with screen recording at your disposal. Really, linux, wtf is your problem?!

    There are tools available. Check out the Vault 7 Repo. You might need to apply for commit access.

    Not until Linus will fix that https nonsense! My totally legitimate gov organization doesn't need any encryption yo.

  • WSSWSS Member
    edited March 2017

    @Yura said:
    Not until Linus will fix that https nonsense! My totally legitimate gov organization doesn't need any encryption yo.

    Vault 7 has supported Let's Encrypt since 0-day, I mean.. day 0. ( @bsdguy this is for you)
