Sungju's Slow Life

Personal journal


How to keep a record of the commands executed by root

If you want to keep a record of the commands executed by the root account, you can do so with audit rules.

First, add the line below to /etc/audit/audit.rules:

-a entry,always -S execve -F uid=0

Then enable auditd at boot and restart it to apply the changes:

$ chkconfig auditd on
$ service auditd restart
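
With the rule active, each command run by uid 0 is written to the audit log as a SYSCALL record plus an EXECVE record that holds the arguments. The Python sketch below is an added example, not part of the original post: it assumes the standard auditd log line format and uses constructed sample records to show how the two record types are joined by event ID and how hex-encoded arguments are decoded.

```python
import re
from collections import defaultdict

# Constructed, abridged sample records in audit.log format (not from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2250 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key=(null)
type=EXECVE msg=audit(1700000000.101:501): argc=2 a0="cat" a1="/etc/ssh/sshd_config"
type=SYSCALL msg=audit(1700000005.220:502): arch=c000003e syscall=59 success=yes exit=0 ppid=2300 pid=2310 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts1 ses=4 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1700000005.220:502): argc=1 a0="ls"
type=SYSCALL msg=audit(1700000009.330:503): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2260 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="sh" exe="/bin/sh" key=(null)
type=EXECVE msg=audit(1700000009.330:503): argc=3 a0="sh" a1="-c" a2=6563686F2068656C6C6F
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """Quoted values are literal; auditd hex-encodes values with spaces or control chars."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex, e.g. (null)

def root_commands(log_text):
    """Return [(timestamp, auid, exe, argv)] for execve events recorded with uid=0."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[(ts, serial)]  # records of one event share timestamp:serial
        ev["ts"] = float(ts)
        if rtype == "SYSCALL":
            ev.update(uid=fields.get("uid"), auid=fields.get("auid"), exe=decode_arg(fields.get("exe", "")))
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode_arg(fields.get(f"a{i}", "")) for i in range(argc)]
    return [(e["ts"], e["auid"], e["exe"], e["argv"])
            for e in events.values() if e.get("uid") == "0" and "argv" in e]

if __name__ == "__main__":
    for ts, auid, exe, argv in root_commands(SAMPLE_LOG):
        print(ts, f"auid={auid}", exe, argv)
```

The auid field is the login UID, so it shows which user account was behind a command that ran as root. Very long arguments that auditd splits across several fields are not handled by this sketch.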

