centos 5 - auditd

Posted on 2011-02-22
Medium Priority
Last Modified: 2012-06-27
Need to log keystrokes for a user that's logging into one of our CentOS 5 boxes. I've enabled the pam_tty_audit module in the /etc/pam.d/system-auth file, using the line

    session required pam_tty_audit.so disable=* enable=user,root

It's working OK, but messages in /var/log/audit/audit.log are delayed, and sometimes only appear when the user being monitored logs out. How can I make auditd log activity in real time, so we can watch with 'tail -f'?
Question by:netlabz
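
For reading the records that the pam_tty_audit line in the question produces: the keystrokes arrive in audit.log as hex in the data= field of type=TTY records, so a plain 'tail -f' is not readable as-is. The decoder below is an added example, not part of the original thread; the sample log lines are constructed, and it assumes Python 3 on the host where the log is read.

```python
import re
import sys

# Constructed sample lines in the type=TTY layout auditd writes for
# pam_tty_audit; every pid, uid and timestamp here is made up.
SAMPLE = (
    'type=USER_START msg=audit(1298390000.101:410): user pid=2301 uid=0 auid=500 '
    "msg='op=PAM:session_open acct=\"user\" res=success'\n"
    'type=TTY msg=audit(1298390012.520:411): tty pid=2305 uid=500 auid=500 '
    'major=136 minor=0 comm="bash" data=6C73202D6C0D\n'
    'type=TTY msg=audit(1298390031.007:412): tty pid=2305 uid=500 auid=500 '
    'major=136 minor=0 comm="bash" data=7375646F7F7F7F7F69640D\n'
)

TTY_RE = re.compile(
    r'^type=TTY msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):.*?'
    r'\bauid=(?P<auid>\d+)\b.*?\bcomm="(?P<comm>[^"]*)" data=(?P<data>[0-9A-Fa-f]+)\s*$'
)

def render(raw):
    """Show typed bytes without hiding edits: control keys stay visible."""
    out = []
    for b in raw:
        if b in (0x0A, 0x0D):
            out.append("<nl>")
        elif b == 0x7F:
            out.append("<del>")
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))   # e.g. 0x03 -> ^C
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

def parse_tty(line):
    """Return (timestamp, auid, comm, keys) for a TTY record, else None."""
    m = TTY_RE.match(line.strip())
    if not m or len(m.group("data")) % 2:
        return None                            # other record type or truncated hex
    raw = bytes.fromhex(m.group("data"))
    return (float(m.group("ts")), int(m.group("auid")), m.group("comm"), render(raw))

def decode_log(text):
    return [r for r in map(parse_tty, text.splitlines()) if r]

if __name__ == "__main__":
    # With no pipe this decodes SAMPLE; otherwise: tail -F audit.log | python3 this_file.py
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for line in source:
        rec = parse_tty(line)
        if rec:
            print("%.3f auid=%d %s: %s" % rec, flush=True)
```

This only decodes records once auditd has written them; it does not change when they arrive in the log.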

Accepted Solution

_-MYFOX-_ earned 2000 total points
ID: 34953845
Try rootsh: http://www.securityfocus.com/tools/3580
It's low-level monitoring, e.g. keystrokes.

Author Comment

ID: 34954113
rootsh works pretty well; the only drawback is it requires the user to enter their p/w again for sudo. Even if I have 'sudo rootsh' in their .bashrc or .bash_profile, they have to enter their password.
