Unix is less of a given. If a machine is running the vendor's 'enhanced
security' very granular auditing can often be done if enabled ahead of
time.
My 10 year old Ultrix 4.2a machine running enhanced security was able to
track the directories I entered, although that functionality evaporated
after Y2K since the DEC Y2k fixes for auditing and accounting only
applied to 4.3a and above.
Otherwise on plain security unix 'last' will give login times, and looking
in the .sh_history might indicate whether someone went in a directory if
they have not taken the time to edit the commands out.
Drifting ever more off topic, there is some new package for AIX and
solaris which is supposed to make the machine virtually uncrackable by
taking away root's godliness and replacing it with a VMS-like privilege
system. Apparently it has stood up well to a hacker challenge.
On 1 Mar 2001, Rodrigo Ventura wrote:
Obviously not wanting to raise a UNIX vs VAX
war, I was just
wondering whether that kind of tracking would be possible using
UNIX... Any suggestions/comments?
Cheers,