I've installed OpenSUSE on my server and want to set ssh to log every command, which is send to system over it.
I've found this in my sshd_config:
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
I guess that both of those directives has to be uncommented, but I'd like to log every command, not only authorization (login/logout via SSH). I just want to know, if someone breaks into my system, what did he do.
Answer
history
does this automatically, login as the user that was logged into through ssh and execute:
history
It shows the history of commands executed by that specific user.
history > command.log
will save the history to the file "command.log
"
More about history
: http://en.wikipedia.org/wiki/History_%28Unix%29 and http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?history
Command line history should also be stored in .bash_history
(file in the user's home directory) when using bash (properly).
Comments
Post a Comment