[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tty_audit



Hello,

But if user1 does log on, no commands are logged....

Are you talking about TTY or USER_TTY records, and are you checking immediately after entering the command, or after exiting the session?

Unprivileged users are not allowed to send USER_TTY records as each command is entered, so the input read by unprivileged users is audited only when the (4 KB) buffer is flushed or the process (i.e. the shell) exits.
    Mirek

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]