|Lesson 3||Redhat Process Accounting|
|Objective||Describe Redhat Process Accounting|
Process and User Accounting in Redhat Linux
Process accounting maintains an account of every process ever executed.
Process accounting must be compiled into the kernel and enabled once installation is complete.
You can do this easily by installing the required RPM
psacct. Once installed, you will need to enable psacct by either issuing the
accton command or configuring the system initialization file
If you wish to disable process accounting, simply issue the
accton command without any arguments.
The following SlideShow provides an example of how to install the RPM to enable and disable process accounting.
The default Red Hat Linux kernel comes precompiled with process accounting turned on.
If you later recompile your kernel, leave the BSD Process Accounting (under General Setup) enabled.
Question: Once you have installed process accounting, what command do you type to enable it?
Answer: [redhat@localhost redhat]$ accton /var/log/pacct
Process accounting is a security method in which an administrator may keep track of system resources used and their allocation among users, provide for system monitoring, and minimally track a user's commands.
Process accounting has both positive and negative points. One of the positives is that an intrusion may be narrowed down to the point of entry.
A negative is the amount of logs generated by process accounting, and the disk space they may require. This section walks an administrator through the basics of process accounting.