Logging all commands by all users\daemons

Support for security such as Firewalls and securing linux
Post Reply
adalfarus
Posts: 2
Joined: 2018/05/14 17:14:07

Logging all commands by all users\daemons

Post by adalfarus » 2018/05/14 17:21:55

Hi all.
How can I logging all commands in the system?

For example, after added that line

Code: Select all

session 	required	pam_tty_audit.so	enable=*
to:
  • /etc/pam.d/password-auth
    /etc/pam.d/system-auth
    /etc/pam.d/sudo
I can grabbing all keystrokes by root. But, I need by all users.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Logging all commands by all users\daemons

Post by TrevorH » 2018/05/14 17:38:46

Welcome to security exposure #1...

Undo that. Look at using the audit daemon and configs instead.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

adalfarus
Posts: 2
Joined: 2018/05/14 17:14:07

Re: Logging all commands by all users\daemons

Post by adalfarus » 2018/05/14 17:57:09

TrevorH wrote:Look at using the audit daemon and configs instead.
Already.
But, it's not helped me.
I wrote to the forum because I've already lost two weeks and without results.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Logging all commands by all users\daemons

Post by hunter86_bg » 2018/05/15 04:09:00

Why are you so sure that you grab only 'root' keystrokes ? It will capture all without passwords.

Post Reply