Solved

centos 5 - auditd

Posted on 2011-02-22
2
1,053 Views
Last Modified: 2012-06-27
Need to log keystrokes for a user that's logging into one of our centos 5 boxes. I've enabled the pam_tty_audit module in /etc/pam.d/system-auth file, using the
session required pam_tty_audit.so disable=* enable=user,root     line. It's working ok, but messages in the /var/log/audit/audit.log are delayed, and sometimes only appear when the user being monitored logs out. How can I make auditd log activity in real time, so we can watch with 'tail -f'?
Thanks
0
Comment
Question by:netlabz
2 Comments
 
LVL 5

Accepted Solution

by:
_-MYFOX-_ earned 500 total points
ID: 34953845
try rootsh http://www.securityfocus.com/tools/3580
It's a low-level monitoring eg keystrokes
0
 

Author Comment

by:netlabz
ID: 34954113
rootsh works pretty well, only drawback is it requires the user to enter their p/w again for sudo. Even if I have 'sudo rootsh' in their .bashrc or .bash_profile they have to enter their password.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now