We are trying to start logging all commands executed by users (including root) on CentOS using auditd with type=USER_CMD. How can we do it?
We are already getting commands starting with sudo, but not others.
Auditd settings, which allow us to log sudo actions:
-w /var/log/sudo.log -p wa -k actions
-w /etc/sudoers -p wa -k scope
But how can we log ALL commands that are executed via shell by ALL users?