how to use auditd to record all user command history

zhu xiuming xiumingzhu at gmail.com
Sun Oct 6 21:26:02 UTC 2013


HI
I know this seems an old topic. But unfortunately, I can't find a solution
for this. I have googled long time. I tried following options:

1. audit execv syscall,
    this does record every command typed any tty. However, it generates
lots of noise.  Sometimes, the execv syscall is so frequently called that
the system can't afford to log every call of it and it crashes !!!

2. use *pam_tty_audit.so
*
this makes it possible to record one or two users, not all users. *
*
So, may I ask, is this problem solvable by auditd or do I need other tools ?
*

*
*Thanks a lot
*
*
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20131006/ec50fb9f/attachment.htm>


More information about the Linux-audit mailing list