On Wed, 2022-02-09 at 01:24 +0100, André Letterer wrote:
Yeah, it's a very good start.
However it seems it still doesn't do what I want.
It seems only changing the 2 files doesn't do the job:
nano /etc/pam.d/system-auth
session required pam_tty_audit.so disable=* enable=logs log_passwd
nano /etc/pam.d/password-auth
session required pam_tty_audit.so disable=* enable=logs log_passwd
I get much more entries in /var/log/audit/audit.log for user logs
like for instance if I su to this one.
However, unfortunately commands like "history -c" still don't trigger
an entry...
Is there still a follow-up idea on this?
$ man pam_tty_audit
Hint: consider removing disable=* and modifying enable=logs to something
else, unless of course the only account you want to tty audit is an
account named "logs".
Mark
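
Added example, not part of the original thread: pam_tty_audit keystrokes are written to audit.log as type=TTY records whose data= field is hex-encoded, so a plain-text search of the log for a typed command does not match. The sketch below decodes such records and searches the decoded text; the sample records, the exact field order and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample records (not from the thread). Layout assumed: the
# kernel's type=TTY record, where data= holds the keystrokes as hex.
SAMPLE_LOG = """\
type=USER_START msg=audit(1644366200.101:410): pid=2301 uid=0 auid=1001 ses=3 msg='op=PAM:session_open acct="logs" exe="/usr/bin/su" res=success'
type=TTY msg=audit(1644366240.512:421): tty pid=2310 uid=1001 auid=1001 ses=3 major=136 minor=0 comm="bash" data=6C73202D6C0D
type=TTY msg=audit(1644366251.004:422): tty pid=2310 uid=1001 auid=1001 ses=3 major=136 minor=0 comm="bash" data=686973746F7279202D630D
"""

TTY_RE = re.compile(
    r'^type=TTY msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): tty '
    r'.*?\buid=(?P<uid>\d+) auid=(?P<auid>\d+) '
    r'.*?comm=(?P<comm>\S+) data=(?P<data>[0-9A-Fa-f]+)\s*$'
)

def decode_tty_records(log_text):
    """Return one dict per type=TTY record, with data= decoded into typed lines."""
    records = []
    for raw in log_text.splitlines():
        m = TTY_RE.match(raw)
        if not m:
            continue  # other record types, or a TTY record in another layout
        try:
            typed = bytes.fromhex(m["data"]).decode("utf-8", errors="replace")
        except ValueError:
            continue  # odd-length or truncated hex
        # Enter arrives as CR (0x0D) from the terminal; split on CR or LF.
        lines = [p.strip() for p in re.split(r"[\r\n]+", typed) if p.strip()]
        records.append({"serial": int(m["serial"]), "auid": int(m["auid"]),
                        "comm": m["comm"].strip('"'), "lines": lines})
    return records

def find_typed(log_text, needle):
    """Return (serial, auid, line) for every decoded line containing needle."""
    return [(r["serial"], r["auid"], line)
            for r in decode_tty_records(log_text)
            for line in r["lines"] if needle in line]

if __name__ == "__main__":
    print("plain-text match:", "history -c" in SAMPLE_LOG)
    for hit in find_typed(SAMPLE_LOG, "history -c"):
        print("decoded match:", hit)
```

The decoded data is raw keystrokes, so backspaces and tab completion appear as typed rather than as the command the shell finally ran. `aureport --tty` performs the same decoding on a live system.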