[PATCH] auditd - TTY support for audisp-prelude
Matteo Sessa
matteo.sessa at dbmsrl.com
Fri Jun 17 15:10:41 UTC 2011
Hi all,
Attached is a patch for auditd to add support for TTY audits (pam_tty_audit session module) to audisp-prelude.
Alerts are reported with:
alert.classification.text = "Keylogger"
alert.assessment.impact.severity = LOW
and actual keystrokes carried in alert.additional_data.
Attached you will also find a basic Python command-line script to query keylogger data from the Prelude database.
Hope it helps.
Matteo Sessa
IT Systems Administrator
D.B.M. srl
Via Enrico Noe, 23
20133 Milano (MI), Italy
Landline: (+39) 02-266005-21
Mobile: (+39) 334-6220662
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audisp-prelude-tty.patch
Type: text/x-patch
Size: 7669 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110617/bd9b20b3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: preludetty.py
Type: text/x-python
Size: 4240 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110617/bd9b20b3/attachment.py>
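Added example, not part of the original message or of the attached patch or script: a sketch of how a TTY audit record produced under pam_tty_audit can be decoded and mapped onto the IDMEF paths named above. The sample record is constructed, and the function names, the `<0xNN>` rendering of control bytes and the layout of `alert.additional_data` are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of a kernel TTY audit record (not from the post).
SAMPLE = ('type=TTY msg=audit(1308323441.123:456): tty pid=2345 uid=0 auid=500 '
          'ses=1 major=136 minor=0 comm="bash" data=6C73202D6C0D')

_HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def render_keystrokes(raw):
    """Printable ASCII stays as typed; every other byte becomes <0xNN>
    (a rendering chosen for this example, so control keys stay visible)."""
    return ''.join(chr(b) if 0x20 <= b < 0x7f else '<0x%02x>' % b for b in raw)


def parse_tty_record(line):
    """Return the record's fields plus decoded keystrokes, or None when the
    line is not a well-formed TTY record."""
    m = _HEADER.match(line.strip())
    if not m or m.group(1) != 'TTY':
        return None
    fields = {k: v.strip('"') for k, v in _FIELD.findall(m.group(4))}
    try:
        raw = bytes.fromhex(fields.get('data', ''))  # data= is hex-encoded
    except ValueError:
        return None
    fields.update(timestamp=float(m.group(2)), serial=int(m.group(3)),
                  keystrokes=render_keystrokes(raw))
    return fields


def to_alert(rec):
    """Map a parsed record onto the IDMEF paths named in the post."""
    return {
        'alert.classification.text': 'Keylogger',
        'alert.assessment.impact.severity': 'low',  # "LOW" in the post
        # Assumed layout: the post only says keystrokes go in additional_data.
        'alert.additional_data': {k: rec[k] for k in
                                  ('auid', 'uid', 'comm', 'keystrokes') if k in rec},
    }


if __name__ == '__main__':
    print(to_alert(parse_tty_record(SAMPLE)))
```

Because the data field holds every byte read from the terminal, including anything typed at a password prompt, the decoded keystrokes and the Prelude database that stores them need the same access restrictions as the raw audit log.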