If you want to keep record of the commands executed by root account, you can achieve that by using audit rules.
First, add the below line in /etc/audit/audit.rules
-a entry,always -S execve -F uid=0
And restart auditd to apply the changes
$ chkconfig auditd on $ service auditd restart
Leave a Reply