Re: How to configure auditd to register like internal bash commands?
On 2022-02-07 23:37, André Letterer wrote:
Hi folks,
I would like to have some help on configuring auditd for very short
running commands like
unset ...
set ...
export ...
history -c
or similar commands.
How would that be possible?
Would you mind please to help me on some knowledge about that?
You may want to look into pam_tty_audit, but it may flood your logs.
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635