Command logging after 'su'
Marti, Robert
RJM002 at shsu.edu
Thu Sep 23 14:58:11 UTC 2010
sudosh is essentially keylogging at a different level, and not a RHEL supported package. Just pointing that out.
Rob Marti
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Scott.Rineer at amwater.com
> Sent: Thursday, September 23, 2010 9:49 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Command logging after 'su'
>
> key logging is good, but you could also use something like sudosh to record
> command and output. and have it shipped to a central server.
>
> Scott Rineer
> Network Server Specialist (Linux)
> American Water ITS
> 800 West Hershey Park Drive
> Hershey, PA 17033
> Office (717) 520-4578
> Cell: (717)-862-8610
>
>
>
> From: "Marti, Robert" <RJM002 at shsu.edu>
>
> To: "przemolicc at poczta.fm" <przemolicc at poczta.fm>, General Red Hat
> Linuxdiscussion list <redhat-list at redhat.com>
>
> Date: 09/22/2010 11:46 AM
>
> Subject: Re: Command logging after 'su'
>
> Sent by: redhat-list-bounces at redhat.com
>
>
>
>
>
>
> pam can be configured to log every key a user presses via the audit daemon.
> This, however, is useless unless you ship logging off the box.
>
> Sent from my iPhone
>
> On Sep 22, 2010, at 10:36 AM, "przemolicc at poczta.fm"
> <przemolicc at poczta.fm>
> wrote:
>
> > Hi,
> >
> > we have user 'u1' which can do 'su - root'.
> > Is it possible to log all commands run by this user:
> > - during id=u1
> > - after su to 'root' ?
> >
> > Regards
> > P.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > Tanie mieszkania lub pokoje do wynajÄcia dla studentĂłw!
> > http://linkint.pl/f27f9
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list