So I am working on this fun project and I've been trying to set up logging for user commands for the past 3 days, but nothing seems to work. For starters, I use Ubuntu 22.04, which runs inside a Docker container. The way this project works is you have a backend which has some configured endpoints which execute Linux commands when called. Now I am trying to set up a logger so that admins can view the actions users do on the frontend.
Tried snoopy but I just couldn't understand it. Then I tried auditd but I couldn't even start it. In short, it was recognized as a service, but when I tried starting it with $service auditd start, it just wouldn't start and I couldn't figure out why. The last one I tried was rsyslog, which "works". Well, kind of: when I run the command $logger it logs, but for some reason no matter what I do I can't make it log all commands users run. I'll also mention that rsyslog is not recognized as a service in my implementation, but I don't know why, so I have to start it with the $rsyslogd command. Now I know that logging every command may not be optimal, but it's just a small project and I am trying to do it without a database.
So my question would be: has anyone run into a similar problem and knows how to make it work, or perhaps knows of any other ways to log user commands into a file?
Also, this solution didn't work as rsyslog is not recognized as a service: How to log all Bash commands by all users on a server? Options which use systemctl also don't work, as it is not recognized as a command.
My Dockerfile looks like this if that helps:
FROM ubuntu:22.04
WORKDIR /data/app
COPY ./requirements.txt /data/app/requirements.txt
RUN apt update
RUN apt install -y build-essential libssl-dev libffi-dev python3 python3-dev python3-pip
RUN apt-get update; apt-get -y install curl
RUN pip3 install --no-cache-dir --upgrade -r /data/app/requirements.txt
RUN apt install -y bash
RUN apt install -y sudo
SHELL ["/bin/bash", "-c"]
COPY ./endpoints /data/app/endpoints
COPY ./jsons /data/app/jsons
COPY ./models /data/app/models
COPY ./modules_taken_from_jakub_kuska /data/app/modules_taken_from_jakub_kuska
COPY ./scripts /data/app/scripts
COPY ./temp_files /data/app/temp_files
COPY ./utils /data/app/utils
COPY ./main.py /data/app/main.py
COPY ./admins ../../etc/sudoers.d/
#COPY audit.rules /etc/audit/rules.d/audit.rules
RUN useradd -mU Company_bot && echo "Company_bot:HardPassword" | chpasswd && for group in end_users CEOs Management Workers;do groupadd ${group};done && usermod -aG end_users,CEOs,Management,Workers Company_bot && useradd -mU Admin && echo "Admin:Admin" | chpasswd && groupadd administrator && usermod -aG administrator Admin
CMD ["uvicorn", "main:app", "--reload", "--host", "0.0.0.0" , "--port", "8005"]
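
Since the backend described above launches every command itself, the commands can be recorded at the application layer instead of by a system daemon. The following is an added example, not part of the original post: `audit_run`, `read_audit`, the log path and the record fields are assumptions, and the `user` and `endpoint` values are expected to come from the backend's own authentication and routing.

```python
import json
import os
import subprocess
import time
from pathlib import Path

# Assumed location; in the container this would sit on a volume admins can read.
AUDIT_LOG = Path("/tmp/command_audit.jsonl")


def audit_run(user, endpoint, argv, log_path=AUDIT_LOG, timeout=30.0):
    """Run argv without a shell and append one JSON line describing the call."""
    record = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "user": user,          # authenticated frontend user, not the OS user
        "endpoint": endpoint,  # route that triggered the command
        "argv": list(argv),    # exact argument vector that was executed
    }
    output = ""
    try:
        proc = subprocess.run(list(argv), capture_output=True, text=True,
                              timeout=timeout)
        record["exit_code"] = proc.returncode
        output = proc.stdout
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Failed launches and timeouts are logged too, so attempts are visible.
        record["exit_code"] = None
        record["error"] = type(exc).__name__
    # json.dumps escapes newlines, so user-supplied arguments cannot forge
    # extra log entries; O_APPEND keeps each single write at the end of file.
    line = json.dumps(record) + "\n"
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    try:
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)
    return {"record": record, "stdout": output}


def read_audit(log_path=AUDIT_LOG):
    """Return all audit records as dictionaries, oldest first."""
    with open(log_path, encoding="utf-8") as fh:
        return [json.loads(entry) for entry in fh if entry.strip()]
```

An endpoint would call `audit_run(current_user, "/some/route", ["ls", "-l", "/data/app"])` in place of a direct `subprocess` call, and an admin-only endpoint could return `read_audit()`.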