Command logging after 'su'

Marti, Robert RJM002 at shsu.edu
Thu Sep 23 14:58:11 UTC 2010 

sudosh is essentially keylogging at a different level, and not a RHEL supported package.  Just pointing that out.

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Scott.Rineer at amwater.com
> Sent: Thursday, September 23, 2010 9:49 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Command logging after 'su'
> 
> key logging is good, but you could also use something like sudosh to record
> command and output.  and have it shipped to a central server.
> 
> Scott Rineer
> Network Server Specialist (Linux)
> American Water ITS
> 800 West Hershey Park Drive
> Hershey, PA  17033
> Office (717) 520-4578
> Cell: (717)-862-8610
> 
> 
> 
>   From:       "Marti, Robert" <RJM002 at shsu.edu>
> 
>   To:         "przemolicc at poczta.fm" <przemolicc at poczta.fm>, General Red Hat
> Linuxdiscussion list <redhat-list at redhat.com>
> 
>   Date:       09/22/2010 11:46 AM
> 
>   Subject:    Re: Command logging after 'su'
> 
>   Sent by:    redhat-list-bounces at redhat.com
> 
> 
> 
> 
> 
> 
> pam can be configured to log every key a user presses via the audit daemon.
> This, however, is useless unless you ship logging off the box.
> 
> Sent from my iPhone
> 
> On Sep 22, 2010, at 10:36 AM, "przemolicc at poczta.fm"
> <przemolicc at poczta.fm>
> wrote:
> 
> > Hi,
> >
> > we have user 'u1' which can do 'su - root'.
> > Is it possible to log all commands run by this user:
> > - during id=u1
> > - after su to 'root' ?
> >
> > Regards
> > P.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > Tanie mieszkania lub pokoje do wynajęcia dla studentów!
> > http://linkint.pl/f27f9
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list