Unix/Linux is a multi-user system that was designed to ensure that multiple users can work in parallel. System administrators should always overview their systems and monitor them by regularly running safety checks. The information culled from this activity will allow the sysadmin to find explanations for unusual activity, such as load fluctuations, quickly. If an issue becomes a serious problem, the admin can eliminate the cause to ensure a stable and safe environment for the users.

Previous articles have described programs for bandwidth monitoring, which monitors the network load caused by processes and interfaces. In this article, I'll examine how to monitor users and their activities.

System Users

I'll first look at the users who already exist within the system; specifically those who can regularly log in. Generally speaking, these are officially created users with user privileges. At this level, checking for any unauthorized access is quite simple.

[...]