How to configure auditd to register like internal bash commands?

Richard Guy Briggs rgb at redhat.com
Tue Feb 8 23:20:27 UTC 2022


On 2022-02-07 23:37, André Letterer wrote:
>    Hi folks,
> 
>    I would like to have some help on configuring auditd for very short
>    running commands like
>      unset ...
>      set ...
>      export ...
>      history -c
> 
>    or similar commands.
>    How would that be possible?
>    Would you mind please to help me on some knowledge about that?

You may want to look into pam_tty_audit, but it may flood your logs.

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
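
An added example, not part of the original message or of the audit project's code: with pam_tty_audit enabled, typed input reaches the audit log as `type=TTY` records whose `data=` field holds hex-encoded keystrokes, so shell builtins can be recovered from the log even though they never spawn a process. The record layout, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of a kernel type=TTY record; pam_tty_audit(8) enables them with
# a PAM line such as: session required pam_tty_audit.so disable=* enable=root
TTY_RE = re.compile(r'^type=TTY .*? auid=(\d+) ses=(\d+) .*? data=([0-9A-Fa-f]+)\s*$')
WATCHED = re.compile(r'^(unset|set|export)\b|^history\s+-c\b')  # builtins from the thread

def make_record(serial, ses, keys):
    """Build one constructed sample record (hypothetical helper, not an audit API)."""
    return (f'type=TTY msg=audit(1644362427.000:{serial}): tty pid=4242 uid=0 '
            f'auid=1000 ses={ses} major=136 minor=0 comm="bash" '
            f'data={keys.encode().hex().upper()}')

SAMPLE_LOG = [  # constructed input, not captured from a real host
    make_record(201, 3, "ls -l\runset MY_V"),        # command split across two records
    make_record(202, 3, "AX\x7fR\r"),                # DEL (0x7f) erases the typo
    'type=SYSCALL msg=audit(1644362427.000:203): arch=c000003e syscall=59 success=yes',
    make_record(204, 3, "export EDITOR=vim\rhistory -c\r"),
    make_record(205, 7, "set -o vi\r"),
]

def typed_lines(records):
    """Return {(auid, ses): [lines as typed]} rebuilt from TTY data fields."""
    raw = defaultdict(str)
    for rec in records:
        m = TTY_RE.match(rec)
        if m:  # every other record type is ignored
            raw[(m.group(1), m.group(2))] += bytes.fromhex(m.group(3)).decode('latin-1')
    out = {}
    for key, stream in raw.items():
        lines = []
        for chunk in stream.split('\r'):      # Enter arrives as carriage return
            buf = []
            for ch in chunk:
                if ch in '\x7f\x08':          # DEL or backspace: drop last character
                    del buf[-1:]
                elif ch.isprintable():        # skip other control characters
                    buf.append(ch)
            if buf:
                lines.append(''.join(buf))
        out[key] = lines
    return out

def flag_builtins(records):
    """List (auid, ses, line) for typed lines that start with a watched builtin."""
    return [(a, s, ln) for (a, s), lns in typed_lines(records).items()
            for ln in lns if WATCHED.search(ln.strip())]

if __name__ == "__main__":
    for hit in flag_builtins(SAMPLE_LOG):
        print(hit)
```

Every keystroke in an audited session ends up in these records, including typos and ordinary commands such as `ls -l`, which is the log volume the reply warns about.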




More information about the Linux-audit mailing list