Auditing device files

Pavithra P pavithrais.p at gmail.com
Tue Jul 26 09:00:36 UTC 2016


Hi,

I am trying to see what commands are typed in my terminal and serial
port. For that I am using the auditd daemon, which helps me in auditing
files.
I thought of creating audit rules on /dev/tty and /dev/ttyAMA0 for
seeing what's happening on the terminal and serial device respectively:

auditctl -w /dev/tty -p rwx -k terminal
auditctl -w /dev/ttyAMA0 -p rwx -k serialport

But this records only the echo on tty. I can't audit all the commands
typed on the terminal. I enabled tty logging in the PAM file too by
adding session required pam_tty_audit.so enable=* to the /etc/pam.d/sshd
file.
Is there any other way to do this auditing? I want to use the auditd
daemon only, so that all my auditing log is in one file.
-- 
With regards,
P Pavithra
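
Added example, not part of the original post: a Python reader for the records that the two watch rules (keys terminal and serialport) and pam_tty_audit write to the audit log. The log lines are constructed samples, and the field layout (key= on SYSCALL records, hex-encoded data= on TTY records) is assumed to match the local auditd output.

```python
import re

# Constructed sample records (not from the original post), shaped like
# audit.log lines for the two watch keys and for pam_tty_audit TTY logging.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1469523600.101:210): arch=40000028 syscall=5 success=yes exit=3 pid=812 auid=1000 uid=1000 comm="bash" exe="/bin/bash" key="terminal"
type=PATH msg=audit(1469523600.101:210): item=0 name="/dev/tty" inode=1035 dev=00:06 mode=020666
type=SYSCALL msg=audit(1469523605.330:214): arch=40000028 syscall=5 success=yes exit=4 pid=901 auid=1000 uid=0 comm="minicom" exe="/usr/bin/minicom" key="serialport"
type=PATH msg=audit(1469523605.330:214): item=0 name="/dev/ttyAMA0" inode=1102 dev=00:06 mode=020660
type=TTY msg=audit(1469523610.772:219): tty pid=812 uid=1000 auid=1000 ses=2 major=136 minor=0 comm="bash" data=6C73202D6C0D
type=TTY msg=audit(1469523612.004:221): tty pid=812 uid=1000 auid=1000 ses=2 major=136 minor=0 comm="bash" data=69640D
"""

WATCH_KEYS = {"terminal", "serialport"}  # the -k values from the two rules
HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit.log line into a dict; None if it is not a record."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
    rec.update(type=m.group(1), time=float(m.group(2)), serial=int(m.group(3)))
    return rec

def decode_tty(hex_data):
    """Decode a TTY record's data= field, keeping control bytes visible."""
    raw = bytes.fromhex(hex_data)
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in raw)

def summarize(log_text):
    """Return (watch_hits, typed): device-node accesses and decoded input."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:  # records of one event share the serial number
            events.setdefault(rec["serial"], []).append(rec)
    watch_hits, typed = [], []
    for recs in events.values():
        by_type = {r["type"]: r for r in recs}
        if "TTY" in by_type:  # input bytes captured via pam_tty_audit
            t = by_type["TTY"]
            typed.append((t["auid"], t["comm"], decode_tty(t["data"])))
        elif by_type.get("SYSCALL", {}).get("key") in WATCH_KEYS:
            s, p = by_type["SYSCALL"], by_type.get("PATH", {})
            watch_hits.append((s["key"], p.get("name"), s["comm"], s["auid"]))
    return watch_hits, typed

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```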




More information about the Linux-audit mailing list