Logging all commands by all users\daemons

Support for security such as Firewalls and securing linux
adalfarus
Posts: 2
Joined: 2018/05/14 17:14:07

Logging all commands by all users\daemons

Postby adalfarus » 2018/05/14 17:21:55

Hi all.
How can I logging all commands in the system?

For example, after added that line

Code: Select all

session    required   pam_tty_audit.so   enable=*

to:
    /etc/pam.d/password-auth
    /etc/pam.d/system-auth
    /etc/pam.d/sudo

I can grabbing all keystrokes by root. But, I need by all users.

User avatar
TrevorH
Forum Moderator
Posts: 22590
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Logging all commands by all users\daemons

Postby TrevorH » 2018/05/14 17:38:46

Welcome to security exposure #1...

Undo that. Look at using the audit daemon and configs instead.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

adalfarus
Posts: 2
Joined: 2018/05/14 17:14:07

Re: Logging all commands by all users\daemons

Postby adalfarus » 2018/05/14 17:57:09

TrevorH wrote:Look at using the audit daemon and configs instead.

Already.
But, it's not helped me.
I wrote to the forum because I've already lost two weeks and without results.

hunter86_bg
Posts: 1102
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Logging all commands by all users\daemons

Postby hunter86_bg » 2018/05/15 04:09:00

Why are you so sure that you grab only 'root' keystrokes ? It will capture all without passwords.