RH / OL 6 auditd login user not audited The 2019 Stack Overflow Developer Survey Results Are...
Would an alien lifeform be able to achieve space travel if lacking in vision?
Can the DM override racial traits?
How to read αἱμύλιος or when to aspirate
How did passengers keep warm on sail ships?
What force causes entropy to increase?
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
How to handle characters who are more educated than the author?
US Healthcare consultation for visitors
Does Parliament need to approve the new Brexit delay to 31 October 2019?
Mortgage adviser recommends a longer term than necessary combined with overpayments
Example of compact Riemannian manifold with only one geodesic.
1960s short story making fun of James Bond-style spy fiction
Can I visit the Trinity College (Cambridge) library and see some of their rare books
Why did Peik Lin say, "I'm not an animal"?
Keeping a retro style to sci-fi spaceships?
How to determine omitted units in a publication
Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?
"is" operation returns false with ndarray.data attribute, even though two array objects have same id
ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?
What happens to a Warlock's expended Spell Slots when they gain a Level?
Loose spokes after only a few rides
What to do when moving next to a bird sanctuary with a loosely-domesticated cat?
Didn't get enough time to take a Coding Test - what to do now?
Do working physicists consider Newtonian mechanics to be "falsified"?
RH / OL 6 auditd login user not audited
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)How to set up virtual users in vsftpd?Locked out of Opensuse after editing etc/pam.d/xdmLinux user issues with PAM?ssh private key works for root, but not for normal userCan't validate mine, sudo nor root in Debian “Jessie” Gnome anymore?locked myself out of fedora systemTracking file deletion using auditd without unlink?Fedora GNOME User Configurationroot user renamed as qroot - unable to su or sudoHow to Watch All Directories(Includes All Subdirectories) using Auditd?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.
For example:
[oracle@testvmol ~]$ ls
Desktop Downloads Pictures test Videos
Documents Music Public Templates
[oracle@testvmol ~]$ rm test
[oracle@testvmol ~]$ su -
Password:
[root@testvmol ~]# ausearch -ts today -m tty -i
----
type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>
You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...
This is the config I used.
vi /etc/pam.d/password-auth
vi /etc/pam.d/system-auth
session required pam_tty_audit.so open_only disable=* enable=root,oracle
Can anyone help me to log ALL actions?
linux auditd
New contributor
add a comment |
I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.
For example:
[oracle@testvmol ~]$ ls
Desktop Downloads Pictures test Videos
Documents Music Public Templates
[oracle@testvmol ~]$ rm test
[oracle@testvmol ~]$ su -
Password:
[root@testvmol ~]# ausearch -ts today -m tty -i
----
type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>
You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...
This is the config I used.
vi /etc/pam.d/password-auth
vi /etc/pam.d/system-auth
session required pam_tty_audit.so open_only disable=* enable=root,oracle
Can anyone help me to log ALL actions?
linux auditd
New contributor
add a comment |
I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.
For example:
[oracle@testvmol ~]$ ls
Desktop Downloads Pictures test Videos
Documents Music Public Templates
[oracle@testvmol ~]$ rm test
[oracle@testvmol ~]$ su -
Password:
[root@testvmol ~]# ausearch -ts today -m tty -i
----
type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>
You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...
This is the config I used.
vi /etc/pam.d/password-auth
vi /etc/pam.d/system-auth
session required pam_tty_audit.so open_only disable=* enable=root,oracle
Can anyone help me to log ALL actions?
linux auditd
New contributor
I want to audit all commands on Linux servers. We all have our own login accounts to do things but sometimes we need root access. That's no problem.
But when logging in with my user my actions aren't logged. Any user I login with doesn't seem to be logged.
For example:
[oracle@testvmol ~]$ ls
Desktop Downloads Pictures test Videos
Documents Music Public Templates
[oracle@testvmol ~]$ rm test
[oracle@testvmol ~]$ su -
Password:
[root@testvmol ~]# ausearch -ts today -m tty -i
----
type=TTY msg=audit(04/11/2019 14:08:45.744:36) : tty pid=3574 uid=root auid=oracle ses=2 major=136 minor=0 comm=bash data="ausearch -ts today -m tty -i",<ret>
You can see only the actions after the switching are logged. Not even the user switch itself!
Everything should be logged right away...
This is the config I used.
vi /etc/pam.d/password-auth
vi /etc/pam.d/system-auth
session required pam_tty_audit.so open_only disable=* enable=root,oracle
Can anyone help me to log ALL actions?
linux auditd
linux auditd
New contributor
New contributor
edited yesterday
mature
23519
23519
New contributor
asked yesterday
S.J.S.J.
11
11
New contributor
New contributor
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
S.J. is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424222%2frh-ol-6-auditd-login-user-not-audited%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
S.J. is a new contributor. Be nice, and check out our Code of Conduct.
S.J. is a new contributor. Be nice, and check out our Code of Conduct.
S.J. is a new contributor. Be nice, and check out our Code of Conduct.
S.J. is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424222%2frh-ol-6-auditd-login-user-not-audited%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown