Here's a place to start http://linux.die.net/man/8/pam_tty_audit
On 7/26/2016 5:00 AM, Pavithra P wrote:
Hi, I am trying to see what commands are typed in my terminal and serial port. For that I am using auditd daemon which helps me in auditing files. I thought of a creating audit rules on /dev/tty and /dev/ttyAMA0 for seeing whats happening on terminal and serial device respectively auditctl -w /dev/tty -p rwx -k terminal auditctl -w /dev/ttyAMA0 -p rwx -k serialport But this records only the echo on tty. I cant audit all the commands typed on the terminal. I enabled tty logging in the PAM file too by adding session required pam_tty_audit.so enable=* in /etc/pam.d/sshd file. Is there any other way to do this auditing. I want to use auditd daemon only so that all my auditing log is in one file.
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
