How to audit if someone runs a specific EXE (/bin/date) with connected IP


We can configure logging for when a user runs any/specific command (like /bin/date). How can we also log the connected IP along with who ran the specific command (/bin/date)?

Responses

Hello, use the following procedure to log a user's commands:

1. Add this line to /etc/rsyslog.conf:

    local6.debug /var/log/login

2. Put this line at the end of /etc/bashrc:

    # Log the user, shell PID, last command (history number stripped) and its exit status
    export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]*[ ]*//" ) [$RETRN_VAL]"'

3. To monitor the users' commands:

    # tail -f /var/log/login
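The procedure above records the user and the command but not the client address the question asks for. As an added example (not part of the original reply; the function names are hypothetical), the same PROMPT_COMMAND hook in /etc/bashrc can take the address from the SSH_CONNECTION or SSH_CLIENT variable that sshd sets for the session:

```bash
# Added example for /etc/bashrc; audit_* names are hypothetical.

# Print the client address of the current SSH session, or "local".
audit_remote_ip() {
    # sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port"
    # and SSH_CLIENT="client_ip client_port server_port".
    local conn=${SSH_CONNECTION:-${SSH_CLIENT:-}}
    if [ -n "$conn" ]; then
        printf '%s\n' "${conn%% *}"   # keep the first field only
    else
        printf 'local\n'              # console or other non-SSH login
    fi
}

# Build one audit record.
#   $1 = exit status of the command, $2 = raw output of "history 1"
audit_format() {
    local cmd
    # Strip the leading history number, leaving only the command text.
    cmd=$(printf '%s' "$2" | sed 's/^[ ]*[0-9]*[ ]*//')
    printf '%s [%s] from=%s: %s [%s]\n' \
        "$(whoami)" "$$" "$(audit_remote_ip)" "$cmd" "$1"
}

# Hook run by bash before each prompt: send the record to local6.debug,
# the facility routed to /var/log/login in step 1.
audit_prompt() {
    local rc=$?
    logger -p local6.debug "$(audit_format "$rc" "$(history 1)")"
    return "$rc"
}

PROMPT_COMMAND=audit_prompt
```

Sessions whose environment has been reset (for example after su - or sudo with env_reset) may log from=local because the sshd variables are no longer present. A user can also unset PROMPT_COMMAND, so this is convenience logging rather than a tamper-proof audit trail.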
