Auditd

From Newroco tech docs

Using auditd to track what commands are issued by users with sudo access (plus other tricks) and getting the info to your syslog server

Using a mix of http://serverfault.com/questions/470755/log-all-commands-run-by-admins-on-production-servers

and

http://wiki.rsyslog.com/index.php/Centralizing_the_audit_log

List of auditd.conf options here:

http://linux.die.net/man/8/auditd.conf