[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Command logging after 'su'



sudosh is essentially keylogging at a different level, and not a RHEL supported package.  Just pointing that out.

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces redhat com [mailto:redhat-list-
> bounces redhat com] On Behalf Of Scott Rineer amwater com
> Sent: Thursday, September 23, 2010 9:49 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Command logging after 'su'
> 
> key logging is good, but you could also use something like sudosh to record
> command and output.  and have it shipped to a central server.
> 
> Scott Rineer
> Network Server Specialist (Linux)
> American Water ITS
> 800 West Hershey Park Drive
> Hershey, PA  17033
> Office (717) 520-4578
> Cell: (717)-862-8610
> 
> 
> 
>   From:       "Marti, Robert" <RJM002 shsu edu>
> 
>   To:         "przemolicc poczta fm" <przemolicc poczta fm>, General Red Hat
> Linuxdiscussion list <redhat-list redhat com>
> 
>   Date:       09/22/2010 11:46 AM
> 
>   Subject:    Re: Command logging after 'su'
> 
>   Sent by:    redhat-list-bounces redhat com
> 
> 
> 
> 
> 
> 
> pam can be configured to log every key a user presses via the audit daemon.
> This, however, is useless unless you ship logging off the box.
> 
> Sent from my iPhone
> 
> On Sep 22, 2010, at 10:36 AM, "przemolicc poczta fm"
> <przemolicc poczta fm>
> wrote:
> 
> > Hi,
> >
> > we have user 'u1' which can do 'su - root'.
> > Is it possible to log all commands run by this user:
> > - during id=u1
> > - after su to 'root' ?
> >
> > Regards
> > P.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > Tanie mieszkania lub pokoje do wynajęcia dla studentów!
> > http://linkint.pl/f27f9
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]