https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing
pam audit might work, test it :) -- Eero On Mon, Feb 19, 2018 at 3:29 PM, <m...@risca.eu> wrote: > On 2018-02-19 14:11, Eero Volotinen wrote: > >> Commercial solution: https://www.ssh.com/products/cryptoauditor/ >> > > Thanks for the option and sorry if I hadn't specified in my previous: > commercial solution are against the TOS of the project. We have the > requirement, commitment and wish to be 100% free-software. > > On 2018-02-19 14:22, Steve Kemp wrote: > >> Do you know about that solution? Or could you suggest something similar? >>> >> You could install "snoopy", which will log all command-executed to >> syslog. Then configure your syslog to forward logs to a remote host. >> It is not fool-proof, but requires no setup for a user.. >> > > Nice to know. It could be improved by moving the logs outside but would > required additional work (and who will be the one in charge of managing > it?). I had a quick view of it but probably it has problem with interactive > programs like editors (I think you'd get only a "vim file.txt"). > > Anyway, I also remember about the post that I read, that was such a clever > and easy solution to feel like the obvious way of doing it. It was easy to > run and very reliable thanks to asymmetric encryption via gpg. >
