I've done some research, and it looks like the way Linux keeps history is less about security and audit and more about helping the user.

Even after making changes to instantly log the command and space commands, the command still won't log till finished.

Is there any way to improve audit logging other than possibly writing a module for the Linux kernel that will instantly log whatever is typed?

Jason
  • Shell history is indeed not intended as an audit log. What exactly do you want to log, and what corner cases make you worried that your logging won’t be complete? And regarding your last remark, a key logger also comes with many shortcomings as well (tab completion, backspaces and other corrections in a command line draft, and Ctrl + C aborted command lines that were never started) – Bob Sep 15 '20 at 12:48
  • Looking to do monitoring of systems for possible compromises such as an account gets hacked and exploits or data is touched. Looking for ways to stream the logs offsite – Jason Sep 15 '20 at 14:25

0 Answers