Hello,
I'm looking for a possibility to log the arguments of a command in acct.
Sample :
If I execute the following comand :
$> rm -rf sample_dir
acct will only log "rm", while I'd like to have the whole command, meaning "rm -rf sample_dir"
Thanks in advance,
Fabrice
hello,
To log paramaters in acct logfiles, I have been told to take a look to /etc/security, what I did, but had no success at all.
Is there anything I did wrong ?
audit_startup file :
#!/bin/sh
auditconfig -conf
/usr/sbin/auditconfig -setpolicy +path,argv
auditconfig -setpolicy +cnt
auditconfig -aconf
And I turned on bsmconv, which gave no error, and asekd me to reboot. I did, but nothing more is logged...
Moreover, in the acct manpage 3HEAD, I read the following :
structacct
{
/* ... */
char ac_comm[8];/* command name */
};
which suggest that whatever I do, the command name will be limited to 7 char (plus '\0').
Is there a possibility to log all commands' parameter in any way ? (I mean using acct or anything else, I don't care of this).
Thanks in advance
