I want to detect some commands if they are used on my system. For that reason I use auditd on my Linux machine. But I can't figure out if it is possible to detect the use of the trap command.
Maybe you can help me.
Thanks a lot.
"trap" is a shell builtin and as such isn't directly visible to auditd (there's no corresponding syscall).
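
The distinction in the answer above can be checked per command name before writing rules. This is an added example, not part of the original thread: it uses POSIX `command -v` to tell names the shell resolves internally (no `execve`, nothing for auditd to match) from external binaries, and prints an `execve` rule only for the latter. The helper names, the `cmd_` key prefix and `arch=b64` (a 64-bit host) are assumptions.

```shell
#!/bin/sh
# Added example: which command names can an execve-based audit rule see?
# Assumptions: 64-bit host (arch=b64); the key prefix "cmd_" is made up here.

# Print the first executable file named $1 found in $PATH.
find_in_path() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/$1"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Print external:<path>, shell-internal, shell-internal-shadows:<path> or not-found.
# "shell-internal" covers builtins, keywords and functions: none of them exec.
classify() {
    resolved=$(command -v "$1" 2>/dev/null) || { echo "not-found"; return 1; }
    case $resolved in
        /*) echo "external:$resolved" ;;
        *)  if binary=$(find_in_path "$1"); then
                # e.g. echo, kill: the builtin wins, the binary is rarely executed
                echo "shell-internal-shadows:$binary"
            else
                echo "shell-internal"
            fi ;;
    esac
}

# Print an auditctl rule for an external command, or a comment explaining
# why no execve rule can match.
audit_rule() {
    kind=$(classify "$1") || true
    case $kind in
        external:*)
            printf '%s\n' "-a always,exit -F arch=b64 -S execve -F path=${kind#external:} -k cmd_$1" ;;
        shell-internal*)
            printf '%s\n' "# $1: handled inside the shell, no execve for auditd to record" ;;
        *)  printf '%s\n' "# $1: not found in this environment" ;;
    esac
}

for name in trap cd ls; do audit_rule "$name"; done
```

Results depend on the shell that runs the script, since each shell has its own set of builtins; run it with the shell your users actually use.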