Logging all executed instructions
-
- Posts: 1
- Joined: 2022/06/25 10:12:31
Logging all executed instructions
Is it possible to require the logging of all commands executed by non-privileged users? Can SELinux be set up, for instance, to use Syslog to log all commands? If so, is it possible to whitelist particular commands that don't need to be logged (with specific pathways that the user cannot edit)?
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Logging all executed instructions
I think it's already being logged. Does this help?
and for script commands executed by cron:
Code: Select all
sudo grep "CMD" /var/log/secure
Code: Select all
sudo grep "CMD" /var/log/cron
Re: Logging all executed instructions
I think you could log all commands via auditd (but that's probably "slow").
Otherwise, by default ~/.bash_history tells you what that user typed/did (although that's easy to bypass).
Otherwise, by default ~/.bash_history tells you what that user typed/did (although that's easy to bypass).