If you want to log everything everybody does and store it away securely, do the following:
a) Install snoopy: https://github.com/sensepost/Snoopy
b) Set up an rsyslog server that writes a dedicated secure/auth log
c) Configure rsyslog on each host to send secure/auth log info to the central rsyslog server
This will log even command history, and you are also able to tell root users apart by session ID.
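
A minimal rsyslog configuration for steps b) and c), added here as an example and not taken from the original post. The host name loghost.example.internal, the config file names and the log path are assumptions.

```conf
# ---- Central server: /etc/rsyslog.d/10-central-auth.conf (file name assumed) ----
# Accept syslog over TCP.
module(load="imtcp")

# One dedicated file per sending host (path is an assumption).
template(name="RemoteAuthFile" type="string"
         string="/var/log/remote/%HOSTNAME%/secure.log")

# Remote messages get their own ruleset so they never mix with the
# server's local logs.
ruleset(name="remote_auth") {
    # snoopy logs to the authpriv facility by default.
    if prifilt("auth,authpriv.*") then {
        action(type="omfile" dynaFile="RemoteAuthFile"
               fileCreateMode="0600" dirCreateMode="0700")
    }
    stop
}

input(type="imtcp" port="514" ruleset="remote_auth")

# ---- Each host: /etc/rsyslog.d/90-forward-auth.conf (file name assumed) ----
# Forward only secure/auth messages. The disk-assisted queue buffers
# events while the central server is unreachable instead of dropping them.
# Plain TCP is unencrypted on the wire; TLS transport is a separate setup.
if prifilt("auth,authpriv.*") then {
    action(type="omfwd" target="loghost.example.internal"
           port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="fwd_auth"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Local logging on each host is untouched, so the central copy exists in addition to the host's own secure/auth log.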