On 13/07/2012 19:09, Boyce, Kevin P (AS) wrote:
Wouldn't another option be to audit the exec of particular executables you are 
interested in knowing if someone runs?
Obviously you won't know what they are typing into text documents and such, but 
is that really required?  Most places don't allow key loggers at all and it 
sounds like that's what you've got.

Nope, that's not required; what is required is to log every root-privileged action. sudo goes in /var/log/secure, real root shells nowhere. The only solution I found was with pam_audit_tty, which has the side effect of logging every keystroke, but I'm open to other solutions; creating a list of binaries to watch cannot be one.

--
Cheers,
Florian Crouzat



--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit