On Mon, Oct 7, 2013 at 1:30 PM, zhu xiuming <xiumingzhu(a)gmail.com> wrote:
This is correct. The problem is, this records every keystrokes and
even the
password of the users. While I only care about the user command history, I
surely do not want to know their passwords.
There is another problem - users without a tty will be able to type
commands that aren't loged (hence not a full solution). A test case
for this is:
ssh host ls
On Sun, Oct 6, 2013 at 2:40 PM, Trevor Vaughan <tvaughan(a)onyxpoint.com>
wrote:
>
> Does pam_tty_audit with enable=* not do what you want?
>
> Trevor
>
>
> On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming <xiumingzhu(a)gmail.com> wrote:
>>
>> HI
>> I know this seems an old topic. But unfortunately, I can't find a
>> solution for this. I have googled long time. I tried following options:
>>
>> 1. audit execv syscall,
>> this does record every command typed any tty. However, it generates
>> lots of noise. Sometimes, the execv syscall is so frequently called that
>> the system can't afford to log every call of it and it crashes !!!
>>
>> 2. use pam_tty_audit.so
>> this makes it possible to record one or two users, not all users.
>>
>> So, may I ask, is this problem solvable by auditd or do I need other
>> tools ?
>>
>> Thanks a lot
>>
>>
>> --
>> Linux-audit mailing list
>> Linux-audit(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/linux-audit
>
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaughan(a)onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit