Auditing device files
Ed Christiansen MS
edwardc at ll.mit.edu
Tue Jul 26 13:40:08 UTC 2016
Here's a place to start
http://linux.die.net/man/8/pam_tty_audit
On 7/26/2016 5:00 AM, Pavithra P wrote:
> Hi,
>
> I am trying to see what commands are typed in my terminal and serial
> port. For that I am using auditd daemon which helps me in auditing
> files.
> I thought of a creating audit rules on /dev/tty and /dev/ttyAMA0 for
> seeing whats happening on terminal and serial device respectively
>
> auditctl -w /dev/tty -p rwx -k terminal
> auditctl -w /dev/ttyAMA0 -p rwx -k serialport
>
> But this records only the echo on tty. I cant audit all the commands
> typed on the terminal. I enabled tty logging in the PAM file too by
> adding session required pam_tty_audit.so enable=* in /etc/pam.d/sshd
> file.
> Is there any other way to do this auditing. I want to use auditd
> daemon only so that all my auditing log is in one file.
>
More information about the Linux-audit
mailing list