Logging all executed instructions

General support questions
Post Reply
CharlesMack
Posts: 1
Joined: 2022/06/25 10:12:31

Logging all executed instructions

Post by CharlesMack » 2022/09/26 01:31:11

Is it possible to require the logging of all commands executed by non-privileged users? Can SELinux be set up, for instance, to use Syslog to log all commands? If so, is it possible to whitelist particular commands that don't need to be logged (with specific pathways that the user cannot edit)?

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Logging all executed instructions

Post by lightman47 » 2022/09/26 21:26:12

I think it's already being logged. Does this help?

Code: Select all

sudo grep "CMD" /var/log/secure
and for script commands executed by cron:

Code: Select all

sudo grep "CMD" /var/log/cron

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Logging all executed instructions

Post by aks » 2022/09/29 16:36:32

I think you could log all commands via auditd (but that's probably "slow").
Otherwise, by default ~/.bash_history tells you what that user typed/did (although that's easy to bypass).

Post Reply