Tjyylli

Would an alien lifeform be able to achieve space travel if lacking in vision?

Can the DM override racial traits?

How to read αἱμύλιος or when to aspirate

How did passengers keep warm on sail ships?

What force causes entropy to increase?

Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?

How to handle characters who are more educated than the author?

US Healthcare consultation for visitors

Does Parliament need to approve the new Brexit delay to 31 October 2019?

Mortgage adviser recommends a longer term than necessary combined with overpayments

Example of compact Riemannian manifold with only one geodesic.

1960s short story making fun of James Bond-style spy fiction

Can I visit the Trinity College (Cambridge) library and see some of their rare books

Why did Peik Lin say, "I'm not an animal"?

Keeping a retro style to sci-fi spaceships?

How to determine omitted units in a publication

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

"is" operation returns false with ndarray.data attribute, even though two array objects have same id

ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?

What happens to a Warlock's expended Spell Slots when they gain a Level?

Loose spokes after only a few rides

What to do when moving next to a bird sanctuary with a loosely-domesticated cat?

Didn't get enough time to take a Coding Test - what to do now?

Do working physicists consider Newtonian mechanics to be "falsified"?

RH / OL 6 auditd login user not audited

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.

For example:

[oracle@testvmol ~]$ ls

Desktop    Downloads  Pictures  test       Videos

Documents  Music      Public    Templates

[oracle@testvmol ~]$ rm test

[oracle@testvmol ~]$ su -

Password: 

[root@testvmol ~]# ausearch -ts today -m tty -i

----

type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>

You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...

This is the config I used.

vi /etc/pam.d/password-auth

vi /etc/pam.d/system-auth

    session required pam_tty_audit.so open_only disable=* enable=root,oracle

Can anyone help me to log ALL actions?

linux auditd

share|improve this question

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.

For example:

[oracle@testvmol ~]$ ls

Desktop    Downloads  Pictures  test       Videos

Documents  Music      Public    Templates

[oracle@testvmol ~]$ rm test

[oracle@testvmol ~]$ su -

Password: 

[root@testvmol ~]# ausearch -ts today -m tty -i

----

type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>

You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...

This is the config I used.

vi /etc/pam.d/password-auth

vi /etc/pam.d/system-auth

    session required pam_tty_audit.so open_only disable=* enable=root,oracle

Can anyone help me to log ALL actions?

linux auditd

share|improve this question

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.

For example:

[oracle@testvmol ~]$ ls

Desktop    Downloads  Pictures  test       Videos

Documents  Music      Public    Templates

[oracle@testvmol ~]$ rm test

[oracle@testvmol ~]$ su -

Password: 

[root@testvmol ~]# ausearch -ts today -m tty -i

----

type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>

You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...

This is the config I used.

vi /etc/pam.d/password-auth

vi /etc/pam.d/system-auth

    session required pam_tty_audit.so open_only disable=* enable=root,oracle

Can anyone help me to log ALL actions?

linux auditd

share|improve this question

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

[oracle@testvmol ~]$ ls

Desktop    Downloads  Pictures  test       Videos

Documents  Music      Public    Templates

[oracle@testvmol ~]$ rm test

[oracle@testvmol ~]$ su -

Password: 

[root@testvmol ~]# ausearch -ts today -m tty -i

----

type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>

vi /etc/pam.d/password-auth

vi /etc/pam.d/system-auth

    session required pam_tty_audit.so open_only disable=* enable=root,oracle

share|improve this question

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited yesterday

mature

23519

edited yesterday

mature

23519

asked yesterday

S.J.S.J.

11

New contributor

S.J. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked yesterday

S.J.S.J.

11