sudosh is essentially keylogging at a different level, and not a RHEL supported package. Just pointing that out. Rob Marti > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Scott.Rineer@xxxxxxxxxxx > Sent: Thursday, September 23, 2010 9:49 AM > To: General Red Hat Linux discussion list > Subject: Re: Command logging after 'su' > > key logging is good, but you could also use something like sudosh to record > command and output. and have it shipped to a central server. > > Scott Rineer > Network Server Specialist (Linux) > American Water ITS > 800 West Hershey Park Drive > Hershey, PA 17033 > Office (717) 520-4578 > Cell: (717)-862-8610 > > > > From: "Marti, Robert" <RJM002@xxxxxxxx> > > To: "przemolicc@xxxxxxxxx" <przemolicc@xxxxxxxxx>, General Red Hat > Linuxdiscussion list <redhat-list@xxxxxxxxxx> > > Date: 09/22/2010 11:46 AM > > Subject: Re: Command logging after 'su' > > Sent by: redhat-list-bounces@xxxxxxxxxx > > > > > > > pam can be configured to log every key a user presses via the audit daemon. > This, however, is useless unless you ship logging off the box. > > Sent from my iPhone > > On Sep 22, 2010, at 10:36 AM, "przemolicc@xxxxxxxxx" > <przemolicc@xxxxxxxxx> > wrote: > > > Hi, > > > > we have user 'u1' which can do 'su - root'. > > Is it possible to log all commands run by this user: > > - during id=u1 > > - after su to 'root' ? > > > > Regards > > P. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > Tanie mieszkania lub pokoje do wynajÃÂcia dla studentÄÅw! > > http://linkint.pl/f27f9 > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
