On 2018-02-19 14:11, Eero Volotinen wrote:
Commercial solution: https://www.ssh.com/products/cryptoauditor/
Thanks for the option and sorry if I hadn't specified in my previous:
commercial solution are against the TOS of the project. We have the
requirement, commitment and wish to be 100% free-software.
On 2018-02-19 14:22, Steve Kemp wrote:
Do you know about that solution? Or could you suggest something
similar?
You could install "snoopy", which will log all command-executed to
syslog. Then configure your syslog to forward logs to a remote host.
It is not fool-proof, but requires no setup for a user..
Nice to know. It could be improved by moving the logs outside but would
required additional work (and who will be the one in charge of managing
it?). I had a quick view of it but probably it has problem with
interactive programs like editors (I think you'd get only a "vim
file.txt").
Anyway, I also remember about the post that I read, that was such a
clever and easy solution to feel like the obvious way of doing it. It
was easy to run and very reliable thanks to asymmetric encryption via
gpg.
