From: | "J. Roeleveld" <joost@××××××××.org> | ||
---|---|---|---|
To: | gentoo-user@l.g.o | ||
Subject: | Re: [gentoo-user] logging my activity for audits | ||
Date: | Wed, 12 Sep 2018 15:59:18 | ||
Message-Id: | 2049951.MmQiK2HnL0@eve | ||
In Reply to: | [gentoo-user] logging my activity for audits by "Stefan G. Weichinger" |
1 | On Tuesday, September 11, 2018 12:52:03 PM CEST Stefan G. Weichinger wrote: |
2 | > At a customer we were asked to log/protocol all my administrative |
3 | > activity for potential audits etc |
4 | > |
5 | > My admin-work is basically 98% ssh and maybe some additional tasks done |
6 | > via virt-manager (logging the work inside the VMs there is another topic |
7 | > ... I realize that right now). |
8 | > |
9 | > Is there a recommended way to track the logs? Specific setup for |
10 | > syslog-ng or in my case journald? |
11 | > |
12 | > Maybe I should setup remote syslog here? |
13 | |
14 | All, |
15 | |
16 | This piqued my interest and decided to google a little bit. |
17 | Found the following, which might help: |
18 | |
19 | https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server |
20 | |
21 | Same method is described in: |
22 | |
23 | https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog |
24 | |
25 | This will help if all you do is working within bash. If you switch to a |
26 | different shell or run scripts, the logging obviously fails. |
27 | |
28 | Another method might be: |
29 | https://www.linuxjournal.com/article/6144 |
30 | |
31 | This is an older document, but might still be made to work as it uses "process |
32 | accounting" which is still in the kernel afaik. |
33 | |
34 | -- |
35 | Joost |
Subject | Author |
---|---|
Re: [gentoo-user] logging my activity for audits | Grant Taylor <gtaylor@×××××××××××××××××××××.net> |