Hello
I need A keylogger for for centOS server.Because it my server sometime system administrator work on my server.but they change password/delete command.I wanna monitor my server and my system admin.what he doing on my server its possible with any keylogger?


Thank you

I never trie using keyloggers but I think it will create more work to monitor all the output that what it will take to take away administrator rights.

Try configuring sudo on the server and that way they will not be able to make system wide changes.

The real question is, how can you give admin access to somebody you don't trust.

1 members found this post helpful.

Theoretically there's a tech soln.

Give him a sudo acct and ensure sudoers logging is on, BUT also ensure the logs are immediately fwd'd via rsyslog to a system he does NOT have access to.
Even then I'd worry - he could fool with that setting although you'd have some evidence.
Frankly you need someone you can trust... get a new admin.

As stated before: if you can not trust an admin to perform requested tasks and nothing else then they should be corrected or not get access in the first place. That said what you're looking for is not a key logger but extending your auditing capabilities. First of all since the user gains root privileges you have to set up a few things before you can start logging:
- ensure you have all-encompassing, current backups (and test restoring those!),
- exfiltrate audit logging using a remote syslog server,
- implement a HIDS (like Samhain due to remote database, logging, use of inotify and continuous monitoring mode),
- a service monitor,
- install rootsh (make it log to syslog obviously), and
- ensure you have a good set of auditd rules.

With that in place, and having hired the services of a reputable sysadm, you have:
- no problem telling the admin he/she's being audited (psyops does work wonders for most),
- an almost-complete remote audit trail, and
- the means to revert any unwarranted changes (provided you possess Out of Band access ;-p).