Logging all commands run

simon@bp
Posts: 22
Joined: 2014/07/31 20:00:37

Post by simon@bp » 2020/01/29 00:09:56

Is there any way to force logging of all commands run by an unprivileged user? For example, can SELinux be configured to log all commands via syslog?

If there is, is there also a way to whitelist some commands which do not need to be logged (with specific paths, not editable by the user)?

tunk
Posts: 722
Joined: 2017/02/22 15:08:17

Re: Logging all commands run

Post by tunk » 2020/01/29 11:23:34

Not quite what you're asking for: /home/$USER/.bash_history
I guess you could make periodic copies of these files.

TrevorH
Forum Moderator
Posts: 28863
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Logging all commands run

Post by TrevorH » 2020/01/29 11:54:23

It's possible to do something like this with the audit daemon but I only know that in theory having seen others post that it can be done. However, it will produce reams of output and managing that is a task in itself. It may also have sufficient overhead that it may have a performance impact as well as generating large volumes of data in /var/log/audit.

A quick Google shows https://serverfault.com/questions/47075 ... on-servers which looks like it might be adapted to do what you want.

I'd rather suggest that you use sudo and that already logs who did what and when.

Oh, and this is in the CentOS 6 section - is that what you are running? Don't forget to get off it soon!
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
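
The audit daemon approach mentioned above writes each executed command as a SYSCALL record plus an EXECVE record sharing one event serial. As an added example (not code from any post in this thread), the Python below joins those records, decodes hex-encoded arguments and drops executables on a path allowlist. The rule key `user_cmds`, the allowlist and the log lines are constructed for illustration, and the allowlist only filters the report: the events are still written to /var/log/audit.

```python
import re

# Constructed sample of audit.log lines from an execve rule with the
# hypothetical key "user_cmds"; all ids and values are made up.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1580256000.101:901): arch=c000003e syscall=59 success=yes exit=0 pid=2002 auid=500 uid=500 tty=pts0 comm="ls" exe="/bin/ls" key="user_cmds"
type=EXECVE msg=audit(1580256000.101:901): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1580256004.377:902): arch=c000003e syscall=59 success=yes exit=0 pid=2003 auid=500 uid=500 tty=pts0 comm="cat" exe="/bin/cat" key="user_cmds"
type=EXECVE msg=audit(1580256004.377:902): argc=2 a0="cat" a1=2F746D702F6D79206E6F7465732E747874
type=SYSCALL msg=audit(1580256009.050:903): arch=c000003e syscall=59 success=yes exit=0 pid=2004 auid=501 uid=0 tty=pts1 comm="passwd" exe="/usr/bin/passwd" key="user_cmds"
type=EXECVE msg=audit(1580256009.050:903): argc=2 a0="passwd" a1="simon"
"""

EVENT = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; a bare value is a hex-encoded string."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def commands(log_text, allowlist=frozenset()):
    """Join SYSCALL and EXECVE records by serial; skip allowlisted exe paths."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m or m.group(1) not in ("SYSCALL", "EXECVE"):
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events.setdefault(int(serial), {"time": float(ts)})
        if rtype == "SYSCALL":
            ev["auid"] = int(fields["auid"])  # login uid, survives su/sudo
            ev["uid"] = int(fields["uid"])
            ev["exe"] = decode(fields["exe"])  # path recorded by the kernel
        else:
            # Very long arguments are split into aN[i] chunks; not reassembled here.
            argc = int(fields["argc"])
            ev["argv"] = [decode(fields.get(f"a{i}", "")) for i in range(argc)]
    ordered = [events[s] for s in sorted(events)]
    return [ev for ev in ordered
            if "exe" in ev and "argv" in ev and ev["exe"] not in allowlist]
```

Calling `commands(SAMPLE_LOG, allowlist={"/bin/ls"})` returns the `cat` and `passwd` events; the `passwd` event shows auid 501 acting as uid 0.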
