Re: Recording user command ?
On Thursday 26 April 2007 10:32, Gavin White wrote:
In addition to recording system calls, file activity etc, I would
like
to record issued commands, ie. anything typed into a shell by a user.
Is this a reasonable thing to do with auditd? Is it possible?
Well, there are 2 kinds of users, root and everyone else. What everyone else
does cannot be logged by the session they are running in because it does not
have enough privileges to log to the audit system.
For the root user, it has enough privileges to log. We are working on a
solution for this problem. I think most security targets are only interested
in actions performed by the root user since they can affect the machine in
many ways.
So, as it stands today, it can't be done with the audit system. We hope to
have something that starts to address the problem soon.
-Steve