Well. It's normal way to stream logs to centralized log server via rsyslog or ossec..
Eero 19.2.2018 18.25 <m...@risca.eu> kirjoitti: > On 2018-02-19 16:52, john doe wrote: > >> Isn't pam enough?: >> https://linux.die.net/man/8/pam >> >> No need to install anything and it's quite versatile. >> > > Yes, this is in line with the other suggested options such as snoopy or > pam_tty_audit. It could work as audit system, but it seems to me as a > solution for more structured and corporate environment. > In the described case I would like a solution that store record the > session in a safe way, immutable and trustable, therefore encrypting all > (only the owners have to be able to read it) and hosted on a read only > resource (the user who logins should not be able to delete it) and provable > (signed). > I think that with pam there is the risk that a user with full access right > could easily delete all the logs. Or that the log could be altered after. > >
