PCI-DSS: Log every root actions/keystrokes but avoid passwords

[Tracy Reed]

On Tue, Mar 12, 2013 at 01:47:42PM PDT, Richard Guy Briggs spake thusly:
> I'm actually working on that right now.  I have a patch I am in the
> process of testing.  It implements a new sysctl.  I'm working in
> the upstream kernel, so it will likely be available in Linus' git tree
> before anywhere else.  After that, likely fedora, then RHEL, but I'm a
> bit new to that process.

Wow, thanks! Always glad to see good security features/auditing being added to
the kernel. Although I'm surprised a new sysctl was necessary and it couldn't
all be done in auditd in userspace. I look forward to reading over the code to
learn what into this.

Please do post the patch here when you have it worked out as I am very likely
to miss it in the flood of kernel patches when it goes to/from Linus.

Thanks again!

-- 
Tracy Reed