Y
Hacker News
new
|
ask
|
show
|
jobs
by
ultramancool
3808 days ago
Yes you would - but why just SSH? Wouldn't auditd execve syscall logs sent to a logstash server be better? It'd handle compromises other than SSH too.
1 comments
_yy
3808 days ago
Yes - though there's more to a SSH session than executing commands (interacting with interactive editors, port forwarding, etc.)
link