Dear All,
I have an unprivileged LXC container which runs an SSH server. The ports
to connect to the container are forwarded, so one can connect from
outside of the host to the container.
Is it possible to record all keystrokes from the host using
auditd(pam_tty_audit) when somebody connects to the container via SSH?
I've added "/session/ /required pam_tty_audit.so enable=*/" to
/etc/pam.d/common-session and /etc/pam.d/sshd and
/etc/pam.d/common-auth, which enables key logging for all users on the
host, but not in the containers.
I can audit system calls made by the guest (e.g., execve ) from the
host, but keystrokes are not recorded.
The host and the container are both ubuntu 14.04 servers.
Any suggestions?
thanks a lot,
Stefan
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
