On Thursday 26 April 2007 10:32, Gavin White wrote: > In addition to recording system calls, file activity etc, I would like > to record issued commands, ie. anything typed into a shell by a user. > > Is this a reasonable thing to do with auditd? Is it possible?
Well, there are 2 kinds of users, root and everyone else. What everyone else does cannot be logged by the session they are running in because it does not have enough privileges to log to the audit system. For the root user, it has enough privileges to log. We are working on a solution for this problem. I think most security targets are only interested in actions performed by the root user since they can affect the machine in many ways. So, as it stands today, it can't be done with the audit system. We hope to have something that starts to address the problem soon. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
