<div>
You can enable audit, and then specify what sort of commands, system calls you need to log. There are some good commands for analysing those logs then. <br />
<br />
But be aware that audit may generate huge log file depends on level that you are monitoring.
</div>


<div>
use the &quot;ForceCommand&quot; option in sshd_config to run a custom script that does what you expect or an existing tool such as rootsh.<br />
<br />
if you redirect the output to an append-only file, or better a remote syslog, it will be quite difficult to bypass it without you noticing, even as root
</div>


<div>
All good solutions! The only concern I have left is executing commands over ssh (ex. ssh user@server 'sudo bash -s' &lt;&nbsp;local_script.sh) Any idea on how to restrict remote script execution and force the user to use shell to input all of the commands?
</div>


<div>
yes, use the &quot;ForceCommand&quot; option in ssh config file (see above)<br />
<br />
also note that logging in sudo is absolutely trivial to bypass and is often bypassed accidentally by people who type &quot;sudo sh&quot; (which is roughly equivalent to &quot;su&quot;) when they need to work as root so they just don't have to type sudo on evry line afterwards
</div>


<div>
<div class="content wysiwyg-content">
Hello,<br />
<br />
I have a contractor working on a server and using root access. Right now I have imperfect solution of using 'tail -f /root/.bash_history' &gt;&nbsp;log.txt through ssh. I need to have a live streaming record of all system calls and terminal commands for the root activity on a remote server through ssh. <br />
<br />
Thanks!
</div>
</div>


Hello,

I have a contractor working on a server and using root access. Right now I have imperfect solution of using 'tail -f /root/.bash_history' > log.txt through ssh. I need to have a live streaming record of all system calls and terminal commands for the root activity on a remote server through ssh. 

Thanks!

Monitor CentOS root activity through SSH

A Linux distribution is an operating system made as a software collection based on the Linux kernel and, often, on a package management system and are available for a variety of systems. A typical Linux distribution comprises a Linux kernel, GNU tools and libraries, additional software, documentation, a window system (the most common being the X Window System), a window manager, and a desktop environment. Most Linux systems are open-source software made available both as compiled binaries and in source code form, allowing modifications to the original software. Over three hundred distributions are in active development, including commercially backed distributions (such as Fedora, openSUSE and Ubuntu) and community-driven distributions (such as Debian, Slackware, Gentoo and Arch Linux).

Linux Distributions

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Linux Security

The variety of Linux distributions creates myriad issues relating to configuration and operations when computers are networked, not the least of which is the use of various network management applications, some of which are included with specific distributions, while others are standalone applications.