On 2018-02-19 16:52, john doe wrote:
Isn't pam enough?: https://linux.die.net/man/8/pam No need to install anything and it's quite versatile.
Yes, this is in line with the other suggested options such as snoopy or pam_tty_audit. It could work as audit system, but it seems to me as a solution for more structured and corporate environment. In the described case I would like a solution that store record the session in a safe way, immutable and trustable, therefore encrypting all (only the owners have to be able to read it) and hosted on a read only resource (the user who logins should not be able to delete it) and provable (signed). I think that with pam there is the risk that a user with full access right could easily delete all the logs. Or that the log could be altered after.