[lxc-users] audit guest keystrokes using pam_tty_audit
Stefan Thaler
s.m.thaler at tue.nl
Wed Aug 5 09:00:17 UTC 2015
Dear All,
I have an unprivileged LXC container which runs an SSH server. The ports
to connect to the container are forwarded, so one can connect from
outside of the host to the container.
Is it possible to record all keystrokes from the host using
auditd(pam_tty_audit) when somebody connects to the container via SSH?
I've added "/session/ /required pam_tty_audit.so enable=*/" to
/etc/pam.d/common-session and /etc/pam.d/sshd and
/etc/pam.d/common-auth, which enables key logging for all users on the
host, but not in the containers.
I can audit system calls made by the guest (e.g., execve ) from the
host, but keystrokes are not recorded.
The host and the container are both ubuntu 14.04 servers.
Any suggestions?
thanks a lot,
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150805/e71b0f34/attachment.html>
More information about the lxc-users
mailing list