Quote:
Originally Posted by niraj.vara
For that, I logged in as the normal user, ran vi .bashrc and added the following line:
rootsh --no-syslog
It's creating 225 processes.
Code:
[root@testing ~]# ps aux | grep rootsh | wc -l
225
If you need continuous auditing, don't set the shell in a user's resource files but consider setting the users' shell to rootsh globally. Also consider using the audit service in conjunction with rootsh. *BTW 'ps|grep' means you don't know 'pgrep' yet ;-p
Quote:
Originally Posted by niraj.vara
But the problem is that all the logs are stored in /var/log/messages and /var/log/rootsh/ also.
Now I want to stop the logging in /var/log/messages. When I run the command as root, I am able to stop the logging in /var/log/messages.
See if you can filter those messages out in /etc/(r)syslog(-ng).conf?