pam_tty_audit

Miloslav Trmac mitr at redhat.com
Wed Dec 12 11:46:16 UTC 2012


Hello, 
----- Original Message -----

> But if user1 does log on, no commands are logged....

Are you talking about TTY or USER_TTY records, and are you checking immediately after entering the command, or after exiting the session? 

Unprivileged users are not allowed to send USER_TTY records as each command is entered, so the input read by unprivileged users is audited only when the (4 KB) buffer is flushed or the process (i.e. the shell) exits. 
Mirek 
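
Added example, not part of the original message: a small Python parser that decodes the hex `data=` field of kernel TTY audit records, assuming the `tty pid=… comm=… data=<hex>` record layout. The sample log lines are constructed; they show a single TTY record carrying several commands, which is what a flush at shell exit looks like in the log.

```python
import re

# Constructed sample audit log lines (not taken from the thread).
# The TTY record holds "id\r", "ls /tmp\r" and "exit\r" in one hex blob,
# as happens when buffered input is flushed when the shell exits.
SAMPLE_LOG = """\
type=USER_START msg=audit(1355312700.101:410): pid=2301 uid=0 auid=1001 ses=7 msg='op=PAM:session_open acct="user1"'
type=TTY msg=audit(1355312776.512:418): tty pid=2310 uid=1001 auid=1001 ses=7 major=136 minor=0 comm="bash" data=69640D6C73202F746D700D657869740D
"""

TTY_RE = re.compile(
    r"^type=TTY msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): tty "
    r"pid=(?P<pid>\d+) uid=(?P<uid>\d+) auid=(?P<auid>\d+) ses=(?P<ses>\d+) "
    r"major=\d+ minor=\d+ comm=(?P<comm>\S+) data=(?P<data>[0-9A-Fa-f]+)$"
)


def parse_tty_records(log_text):
    """Return one dict per TTY record, with the hex payload decoded."""
    records = []
    for line in log_text.splitlines():
        m = TTY_RE.match(line.strip())
        if not m:
            continue  # not a TTY record (e.g. USER_START, SYSCALL)
        raw = bytes.fromhex(m["data"])
        # Terminal input ends each line with CR (or LF); split on either.
        typed = [p.decode("utf-8", "replace")
                 for p in re.split(rb"[\r\n]+", raw) if p]
        records.append({
            "timestamp": float(m["ts"]),  # when the record was emitted
            "serial": int(m["serial"]),
            "auid": int(m["auid"]),       # login uid of the session owner
            "ses": int(m["ses"]),
            "comm": m["comm"].strip('"'),
            "bytes": len(raw),
            "lines": typed,
        })
    return records


if __name__ == "__main__":
    for rec in parse_tty_records(SAMPLE_LOG):
        print(f"auid={rec['auid']} ses={rec['ses']} comm={rec['comm']} "
              f"({rec['bytes']} bytes in one record)")
        for entry in rec["lines"]:
            print("   ", entry)
```

The record's timestamp is the time the record was written, not the time each line was typed.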


More information about the Linux-audit mailing list