On 2021-06-20 15:42, Muthamilan Sargunaanandan wrote: > Hello SMEs, Hi Muthu,
> I would like to add the Internal commands (example cd , |, > and etc) track > in AuditD. Thanks for your question. This can be a real challenge. > Can I get the auditd rules to trace the user commands including the > internal commands. Since these are built-in to many shells, the processes running the shells themselves would need to be monitored. Other filters monitoring specific files or users would likely be more helpful. There may be a need to provide system-level (/etc/* defaults) to those shells to restrict their functionality if they prove to be a liability. > Thanks in advance, > Muthu - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
