support using pam_audit.so in "account" stack
Klaus Weidner
klaus at atsec.com
Tue Feb 22 17:00:00 UTC 2005
On Tue, Feb 22, 2005 at 04:25:35PM +1100, Leigh Purdie wrote:
> I'd also recommend including logout information - regardless of the fact
> that non-interactive access may still continue (eg:
> nohup /path/to/blah), it is pretty important for some organisations to
> be able to determine a users interactive login and logout times.
Don't misunderstand me - I'm not opposed to logout information and agree
that it can be helpful, but it's not required for CAPP compliance and is
misleading information if the users get moderately creative.
For some applications such as vsftpd the application code would need to
be changed to get a logout record - it pretty much requires that there is
a privileged process that monitors the session, and not all services are
structured that way
-Klaus
More information about the Linux-audit
mailing list