Solved

centos 5 - auditd

Posted on 2011-02-22
Last Modified: 2012-06-27
Need to log keystrokes for a user that's logging into one of our CentOS 5 boxes. I've enabled the pam_tty_audit module in the /etc/pam.d/system-auth file, using the line

session required pam_tty_audit.so disable=* enable=user,root

It's working OK, but messages in /var/log/audit/audit.log are delayed, and sometimes only appear when the user being monitored logs out. How can I make auditd log activity in real time, so we can watch with 'tail -f'?
Thanks
Question by:netlabz
2 Comments
 

Accepted Solution

by:
_-MYFOX-_ earned 500 total points
ID: 34953845
Try rootsh: http://www.securityfocus.com/tools/3580
It's low-level monitoring, e.g. keystrokes.
 

Author Comment

by:netlabz
ID: 34954113
rootsh works pretty well; the only drawback is that it requires the user to enter their p/w again for sudo. Even if I have 'sudo rootsh' in their .bashrc or .bash_profile, they have to enter their password.
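For reading the pam_tty_audit output discussed in the question, here is an added example (not part of the original thread or any poster's code): a small decoder that turns the hex data= field of type=TTY audit records into readable keystrokes. The sample records are constructed, and the field layout is assumed to match the type=TTY records that pam_tty_audit produces in audit.log.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample records (not from the post); the field layout is assumed.
SAMPLE_LOG = """\
type=USER_START msg=audit(1298390400.101:810): user pid=4120 uid=0 auid=500 msg='PAM: session open acct="user"'
type=TTY msg=audit(1298390460.250:811): tty pid=4125 uid=500 auid=500 major=136 minor=1 comm="bash" data=6C73202D6C0D
type=TTY msg=audit(1298390475.900:812): tty pid=4125 uid=0 auid=500 major=136 minor=1 comm="bash" data=7669202F6574632F686F7374730D03
"""

TTY_RE = re.compile(
    r'^type=TTY msg=audit\((?P<ts>\d+)\.\d+:(?P<serial>\d+)\):.*?'
    r'\buid=(?P<uid>\d+) auid=(?P<auid>\d+).*?'
    r'comm="(?P<comm>[^"]*)" data=(?P<data>\S+)')
NAMES = {0x0D: "<CR>", 0x0A: "<LF>", 0x09: "<TAB>", 0x1B: "<ESC>", 0x7F: "<DEL>"}

def render(raw):  # name common keys, show other bytes as ^X or \xNN
    out = []
    for b in raw:
        if b in NAMES:
            out.append(NAMES[b])
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

def parse_tty_line(line):  # dict for a type=TTY record, None for other lines
    m = TTY_RE.match(line)
    if m is None:
        return None
    try:
        raw = bytes.fromhex(m.group("data"))
    except ValueError:  # malformed or truncated hex: keep the text as-is
        raw = m.group("data").encode()
    when = datetime.fromtimestamp(int(m.group("ts")), tz=timezone.utc)
    return {"time": when.isoformat(), "serial": int(m.group("serial")),
            "uid": int(m.group("uid")), "auid": int(m.group("auid")),
            "comm": m.group("comm"), "keys": render(raw)}

if __name__ == "__main__":
    # With "-" as the argument read stdin (e.g. fed by tail -f); else use the sample.
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE_LOG.splitlines()
    for line in source:
        rec = parse_tty_line(line)
        if rec:
            print("{time} auid={auid} uid={uid} {comm}: {keys}".format(**rec))
```

Piping 'tail -f /var/log/audit/audit.log' into the script with "-" as its argument decodes records as they arrive; it does not change when auditd writes them.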

Question has a verified solution.