Is there any way to force logging of all commands run by an unprivileged user? For example, can SELinux be configured to log all commands via syslog?
If there is, is there also a way to whitelist some commands which do not need to be logged (with specific paths, not editable by the user)?
Logging all commands run
Re: Logging all commands run
Not quite what you're asking for: /home/$USER/.bash_history
I guess you could make periodic copies of these files.
Re: Logging all commands run
It's possible to do something like this with the audit daemon but I only know that in theory having seen others post that it can be done. However, it will produce reams of output and managing that is a task in itself. It may also have sufficient overhead that it may have a performance impact as well as generating large volumes of data in /var/log/audit.
A quick google shows https://serverfault.com/questions/47075 ... on-servers which looks like it might be adapted to do what you want.
I'd rather suggest that you use sudo and that already logs who did what and when.
Oh, and this is in the CentOS 6 section - is that what you are running? Don't forget to get off it soon!
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
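The audit daemon approach mentioned in the reply above, sketched as an added example that is not part of the original thread: it pairs the SYSCALL and EXECVE records that auditd writes for each `execve` call, rebuilds the command line, and drops executables on a path whitelist at report time. The log lines are constructed, and the rule shown in the comment, uid 1001 and the key `usercmd` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log lines (not from the thread).
# Assumes an audit rule such as (uid 1001 and key "usercmd" are hypothetical):
#   -a always,exit -F arch=b64 -S execve -F uid=1001 -k usercmd
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1600000000.101:501): arch=c000003e syscall=59 success=yes exit=0 pid=2301 auid=1001 uid=1001 comm="ls" exe="/bin/ls" key="usercmd"
type=EXECVE msg=audit(1600000000.101:501): argc=2 a0="ls" a1="-l"
type=SYSCALL msg=audit(1600000005.442:502): arch=c000003e syscall=59 success=yes exit=0 pid=2302 auid=1001 uid=1001 comm="curl" exe="/usr/bin/curl" key="usercmd"
type=EXECVE msg=audit(1600000005.442:502): argc=3 a0="curl" a1="-o" a2=2F746D702F6D792066696C65
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; auditd hex-encodes values containing spaces or quotes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def commands(log_text, whitelist=frozenset()):
    """Return (uid, exe, argv) per execve event, skipping whitelisted exe paths."""
    events = defaultdict(dict)  # keyed by (timestamp, serial), shared by both records
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        ev = events[(ts, serial)]
        if rtype == "SYSCALL":
            ev["uid"] = fields.get("uid")
            ev["exe"] = decode(fields.get("exe", '""'))
        elif rtype == "EXECVE":
            # Very long arguments split as aN[0], aN[1], ... are not handled here.
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields.get(f"a{i}", '""')) for i in range(argc)]
    return [(ev.get("uid"), ev.get("exe"), ev["argv"])
            for ev in events.values()
            if "argv" in ev and ev.get("exe") not in whitelist]

if __name__ == "__main__":
    for uid, exe, argv in commands(SAMPLE_LOG, whitelist={"/bin/ls"}):
        print(uid, exe, argv)
```

The whitelist here only filters the report, so the records are still written to /var/log/audit and the volume concern raised in the reply still applies.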