On 2022-02-07 23:37, André Letterer wrote: > Hi folks, > > I would like to have some help on configuring auditd for very short > running commands like > unset ... > set ... > export ... > history -c > > or similar commands. > How would that be possible? > Would you mind please to help me on some knowledge about that?
You may want to look into pam_tty_audit, but it may flood your logs. - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
