Sebastien Couture seb3point0
seb3point0
/ audit.sh
Created
December 9, 2020 12:15
— forked from colebrooke/audit.sh
Setting up auditd on Ubuntu 14.04 to monitor both tty and root commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Justin Miller 08/04/16 | |
| # Setup auditd | |
| # command example: | |
| # aureport --tty | |
| # | |
| # to view root commands: | |
| # ausearch -ue 0 | |
| # to view user commands: | |
| # ausearch -ua <userid> |