Re: how to use auditd to record all user command history

Does pam_tty_audit with enable=* not do what you want? Trevor On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming <xiumingzhu(a)gmail.com&gt; wrote: > HI > I know this seems an old topic. But unfortunately, I can't find a > solution for this. I have googled long time. I tried following options: > > 1. audit execv syscall, > this does record every command typed any tty. However, it generates > lots of noise. Sometimes, the execv syscall is so frequently called that > the system can't afford to log every call of it and it crashes !!! > > 2. use *pam_tty_audit.so > * > this makes it possible to record one or two users, not all users. * > * > So, may I ask, is this problem solvable by auditd or do I need other > tools ?* > > * > *Thanks a lot > * > * > * > > -- > Linux-audit mailing list > Linux-audit(a)redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan(a)onyxpoint.com -- This account not approved for unencrypted proprietary information --