Score:0

Looking for a way to log all commands, with timestamp and arguments, for all users, including root

As the title states.

Recently a remote Ubuntu 18.04 server rebooted. This was a provided server, and reviewing the auth log showed an admin user logged in, did `apt-get update && apt-get upgrade` and then did `reboot` for good measure.

We confirmed with the provider that they actually did this.

Mystery solved.

Though that being said, local tests show that if a user does `sudo su`, nothing they do gets logged in `auth.log` anymore.

This is quite troublesome. For reviewing and security purposes, I'm looking for a way to log everything a user does.

I'm aware of `auditctl`, though I recall that's mostly used to keep track of things happening to files and directories.

Some solutions offer altering the command line or using a log file coming from a user's `bashrc`, but those can be evaded.

I'm having trouble finding anything complete, so I came here to ask.

[This solution from ServerFault](https://serverfault.com/a/336234) has been the method I use when there is more than one admin for any Linux-based system. `ausearch` and `aureport` can be difficult to read at times, but they track everything and are a right pain to quietly tamper with …
mangohost
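
An added example, not part of the thread or of the linked ServerFault answer: assuming auditd records every `execve` under the hypothetical key `cmdlog` (rules in the comments), this script pairs each raw SYSCALL record with its EXECVE record, so the login uid (`auid`), which stays the same after `sudo su`, appears next to the full argument list. The function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed rules in /etc/audit/rules.d/ (key "cmdlog" is hypothetical):
#   -a always,exit -F arch=b64 -S execve -k cmdlog
#   -a always,exit -F arch=b32 -S execve -k cmdlog

# Read raw audit.log records on stdin; print one line per executed command:
#   <timestamp:serial> auid=<login uid> uid=<real uid> <argv>
audit_commands() {
  awk '
    function field(name,  i) {       # value of name=... in the current record
      for (i = 1; i <= NF; i++)
        if (index($i, name "=") == 1) return substr($i, length(name) + 2)
      return ""
    }
    function unhex(s,  i, hi, lo, out) {   # args with spaces are hex-encoded
      for (i = 1; i < length(s); i += 2) {
        hi = index(H, substr(s, i, 1)) - 1
        lo = index(H, substr(s, i + 1, 1)) - 1
        out = out sprintf("%c", hi * 16 + lo)
      }
      return out
    }
    function arg(v) {
      if (v ~ /^".*"$/) return substr(v, 2, length(v) - 2)
      if (v ~ /^([0-9A-F][0-9A-F])+$/) return unhex(v)
      return v
    }
    BEGIN { H = "0123456789ABCDEF" }
    { id = $2; sub(/^msg=audit\(/, "", id); sub(/\):?$/, "", id) }
    $1 == "type=SYSCALL" { who[id] = "auid=" field("auid") " uid=" field("uid") }
    $1 == "type=EXECVE" && (id in who) {
      n = field("argc") + 0; cmd = ""; sep = ""
      for (k = 0; k < n; k++) { cmd = cmd sep arg(field("a" k)); sep = " " }
      print id, who[id], cmd
      delete who[id]
    }
  '
}

# Constructed, shortened records: login uid 1000 running as root after "sudo su".
sample_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1554905000.123:412): arch=c000003e syscall=59 success=yes auid=1000 uid=0 euid=0 comm="apt-get" key="cmdlog"
type=EXECVE msg=audit(1554905000.123:412): argc=2 a0="apt-get" a1="update"
type=SYSCALL msg=audit(1554905007.456:413): arch=c000003e syscall=59 success=yes auid=1000 uid=0 euid=0 comm="sh" key="cmdlog"
type=EXECVE msg=audit(1554905007.456:413): argc=3 a0="sh" a1="-c" a2=6563686F206869
EOF
}
```

On a live host the input would be the raw audit log (by default `/var/log/audit/audit.log`); `ausearch -k cmdlog -i` gives the interpreted view of the same events.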
