Audit filter by TTY
Steve Grubb
sgrubb at redhat.com
Fri Apr 26 17:14:13 UTC 2013
On Friday, April 26, 2013 12:03:17 PM John Bambenek wrote:
> I would prefer a solution besides a keylogger that, among other things,
> happily captures passwords and stores them in the clear in logs.
That is being worked on:
https://www.redhat.com/archives/linux-audit/2013-March/msg00050.html
The patch still isn't ready, but it will be configured by pam_tty_audit.
-Steve
> On Apr 26, 2013, at 11:56 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> > On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote:
> >> I was playing around and wanted to know if there is plans to allow audit
> >> rule filters by TTY, or specifically filter when tty != (none) (i.e.
> >> interactive login events).
> >
> > You can use the pam_tty_audit module to do that. There are no plans to
> > configure this by auditctl.
> >
> > -Steve
More information about the Linux-audit
mailing list