Which SSH Commands should be prioritized for monitoring in PAM?
There is a list of common critical Linux commands from the company FIT2CLOUD.
In JumpServer you can add single commands or command sets for:
auditing
allowing execution
warning about execution
blocking
You can warn about or block the usage of any command for different devices, different users, and different accounts.
Common High-Risk Commands:
rm
rmdir
chattr
su
visudo
sudo
shutdown
halt
poweroff
init 0
reboot
init 6
Disk and File System Commands:
mount
umount
fdisk
parted
mkfs
mkswap
swapon
swapoff
User Management Commands:
useradd
adduser
usermod
userdel
passwd
groupadd
groupdel
chage
Network Adapter Commands:
ifup
ifdown
nmtui
vi /etc/sysconfig/network-scripts/ifcfg-*
Permission Modification Commands:
chmod
chown
chgrp
Additional Important Commands:
alias
unalias
history
export
unset
kill
killall
pkill
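The sketch below is an added example, not JumpServer's own matching logic. It shows one way to match the entries listed above against a session command line so that `rm` is flagged as a command but not inside `rmdir` or as an argument to `grep`. The action assigned to each group and the sample lines are assumptions made for the example.

```python
import re

# Entries copied from the command lists on this page, grouped by its headings.
GROUPS = {
    "high-risk": "rm,rmdir,chattr,su,visudo,sudo,shutdown,halt,poweroff,init 0,reboot,init 6",
    "disk-fs": "mount,umount,fdisk,parted,mkfs,mkswap,swapon,swapoff",
    "user-mgmt": "useradd,adduser,usermod,userdel,passwd,groupadd,groupdel,chage",
    "network": "ifup,ifdown,nmtui,vi /etc/sysconfig/network-scripts/ifcfg-*",
    "permissions": "chmod,chown,chgrp",
    "additional": "alias,unalias,history,export,unset,kill,killall,pkill",
}
# Assumed policy for this example only: one action per group, strictest hit wins.
ACTIONS = {"high-risk": "block", "disk-fs": "block", "user-mgmt": "warn",
           "network": "warn", "permissions": "warn", "additional": "audit"}
SEVERITY = ["allow", "audit", "warn", "block"]

def entry_to_regex(entry):
    """Match an entry only in command position, not as an argument or substring."""
    words = [r"\S*".join(re.escape(p) for p in w.split("*")) for w in entry.split()]
    return re.compile(
        r"(?:^|[;&|(]|\bsudo\s)\s*"   # start of line, after ; & | ( or after sudo
        r"(?:[\w./-]*/)?"             # optional path prefix such as /bin/
        + r"\s+".join(words)          # the entry; '*' becomes a non-space run
        + r"(?=[\s;&|)]|$)"           # must end at a word boundary
    )

RULES = [(g, e, entry_to_regex(e)) for g, es in GROUPS.items() for e in es.split(",")]

def classify(command_line):
    """Return (action, hits); hits are (group, entry) pairs found in the line."""
    hits = [(g, e) for g, e, rx in RULES if rx.search(command_line)]
    action = max((ACTIONS[g] for g, _ in hits), key=SEVERITY.index, default="allow")
    return action, hits

if __name__ == "__main__":
    # Constructed session input, not taken from a real system.
    for line in ["sudo /bin/rm -rf /srv/app", "grep rm notes.txt", "init 3",
                 "echo ok; init 6", "vi /etc/sysconfig/network-scripts/ifcfg-eth0"]:
        print(f"{classify(line)[0]:6} {line}")
```

In this sketch the bare `mkfs` entry does not match `mkfs.ext4`, which would need a glob entry such as `mkfs*`. Quoted strings and `sudo` options are not parsed, so `sudo -u root rm` is flagged for `sudo` only.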