how to use auditd to record all user command history
Trevor Vaughan
tvaughan at onyxpoint.com
Sun Oct 6 21:40:35 UTC 2013
Does pam_tty_audit with enable=* not do what you want?
Trevor
On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming <xiumingzhu at gmail.com> wrote:
> HI
> I know this seems an old topic. But unfortunately, I can't find a solution
> for this. I have googled long time. I tried following options:
>
> 1. audit execv syscall,
> this does record every command typed any tty. However, it generates
> lots of noise. Sometimes, the execv syscall is so frequently called that
> the system can't afford to log every call of it and it crashes !!!
>
> 2. use *pam_tty_audit.so
> *
> this makes it possible to record one or two users, not all users. *
> *
> So, may I ask, is this problem solvable by auditd or do I need other tools
> ?*
>
> *
> *Thanks a lot
> *
> *
> *
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaughan at onyxpoint.com
-- This account not approved for unencrypted proprietary information --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20131006/84a6ce0e/attachment.htm>
More information about the Linux-audit
mailing list