This is correct. The problem is, this records every keystrokes and even
the password of the users. While I only care about the user command
history, I surely do not want to know their passwords.
On Sun, Oct 6, 2013 at 2:40 PM, Trevor Vaughan <tvaughan(a)onyxpoint.com>wrote:
Does pam_tty_audit with enable=* not do what you want?
Trevor
On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming <xiumingzhu(a)gmail.com> wrote:
> HI
> I know this seems an old topic. But unfortunately, I can't find a
> solution for this. I have googled long time. I tried following options:
>
> 1. audit execv syscall,
> this does record every command typed any tty. However, it generates
> lots of noise. Sometimes, the execv syscall is so frequently called that
> the system can't afford to log every call of it and it crashes !!!
>
> 2. use *pam_tty_audit.so
> *
> this makes it possible to record one or two users, not all users. *
> *
> So, may I ask, is this problem solvable by auditd or do I need other
> tools ?*
>
> *
> *Thanks a lot
> *
> *
> *
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/linux-audit
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaughan(a)onyxpoint.com
-- This account not approved for unencrypted proprietary information --