Is there a way of monitoring access to droplet, if shared among several individuals ?

February 25, 2015 608 views

I collaborate on some projects at times with other people with access to my droplet. I have got DMCA notice twice, but i see no trace of any torrent usage. Asking others on the team hasn't been much help either, they simply deny it. I work from a university network, and so do others, so the ip doesn't help, as it's the same public ip for all users.
I am fed up with this and trying to find, if there are better ways to monitor non-root users activity/limit their activity to prevent this from happening ever again. Any suggestions/directions are highly appreciated.

1 Answer

What is running on your server? and what are users supposed to do on the server for what they require access?, which kind of access they have? FTP, SSH, Web?

You can check #last command to check logins, and logs for FTP access, but we will need more info and details if you want some help here.

  • My server is running Ubuntu 14.04, mostly used for developing/testing web apps for random projects usually on nodejs. Other users only have ssh access to the server, and work on different modules for these projects. I have a different user(non-root ofcourse) for their ssh access, but being in sudoers anyone logged in as that user can modify files, clear history, etc.
    I found a discussion on notification related to ssh login sessions, but i need something which would let me limit other users accesibility on things like ports. Can transmission and similar services be blacklisted in any way ?

  • If they are part of sudo, I guess there is no way to control access. Maybe you can sudo as their account and scrollup through their commands history, it should be at /~/.bash_history, but again if they delete the file there is no point, maybe you can hide a cronjob and copy bash history file to a "Secret" place where you can later look at, or a remote site.

Have another answer? Share your knowledge.