4
I've installed OpenSUSE on my server and want to set ssh to log every command, which is send to system over it.
I've found this in my sshd_config:
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
I guess that both of those directives has to be uncommented, but I'd like to log every command, not only authorization (login/logout via SSH). I just want to know, if someone breaks into my system, what did he do.
bash history is not used in ssh commands that don't start a bash shell. – user3338098 – 2016-04-11T14:36:24.540
Can this (the report from "history" command) be cleared by possible attacker? – Radek Simko – 2010-06-16T19:57:54.230
1It could, but any other log could be cleared as well... – BloodPhilia – 2010-06-16T20:03:47.623
There are a few source code additions to SSHD which will log all SSH input and output. These files are written & owned by root and often sent to syslog. The user cannot clear these logfiles. However, I'm not aware of any publicly-available code, and OpenSSH is a BSD licensed product so there is no requirement to redistribute any changes in the code. – Stefan Lasiewski – 2010-06-16T20:28:46.803