In windows, we can monitor executed command with various ways, such as monitoring process creations with a kernel driver callback and checking if the parent is CMD or powershell, then parsing its command line to see what command has been executed.
My question is, how to do this in linux? meaning how can i write a program that monitors every executed command in most of the common shells such as bin/sh, and blocks certain commands from getting executed via command line?
Is this possible with a user-mode app? if not, then how about a kernel module?
Source: Windows Questions