pam_tty_audit icanon log switch
Miloslav Trmac
mitr at redhat.com
Fri Mar 22 16:05:49 UTC 2013
----- Original Message -----
> Most commands are entered one line at a time and processed as complete
> lines in non-canonical mode. Commands that interactively require a
> password enter canonical mode to do this. This feature (icanon) can be
> used to avoid logging passwords by audit while still logging the rest of
> the command.
There was an earlier discussion about the correctness of using ICANON for this. Is ICANON really the right variable?
AFAICT the settings are used like this:
(cat) and other programs that just take standard input: ICANON && ECHO
(bash), (vi) and other interactive programs: !ICANON && !ECHO
password prompts: ICANON && !ECHO
and we want to exclude only password prompts.
Mirk
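
The three cases listed in the message above, written as a check on the termios `c_lflag` bits. This is an added example, not code from the message, the patch under discussion, or pam_tty_audit; the enum and function names are hypothetical, and the ICANON-only policy is an assumed reading of the quoted description.

```c
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* The three cases from the message, plus the one combination it does not list. */
enum tty_mode {
    TTY_LINE_INPUT,   /* ICANON && ECHO: cat and other plain stdin readers */
    TTY_INTERACTIVE,  /* !ICANON && !ECHO: bash, vi */
    TTY_PASSWORD,     /* ICANON && !ECHO: password prompts */
    TTY_OTHER         /* !ICANON && ECHO: not covered by the message */
};

/* Classify a c_lflag value using only its ICANON and ECHO bits. */
enum tty_mode classify_lflag(tcflag_t lflag)
{
    int icanon = (lflag & ICANON) != 0;
    int echo = (lflag & ECHO) != 0;

    if (icanon)
        return echo ? TTY_LINE_INPUT : TTY_PASSWORD;
    return echo ? TTY_OTHER : TTY_INTERACTIVE;
}

/* Assumed policy keyed on ICANON alone: skip all canonical-mode input. */
int log_if_not_icanon(tcflag_t lflag)
{
    return (lflag & ICANON) == 0;
}

/* Policy the reply asks for: skip only password prompts. */
int log_unless_password(tcflag_t lflag)
{
    return classify_lflag(lflag) != TTY_PASSWORD;
}

int main(void)
{
    static const char *names[] = { "line input", "interactive", "password prompt", "other" };
    struct termios t;

    if (tcgetattr(STDIN_FILENO, &t) != 0) {
        perror("tcgetattr");
        return 1;
    }
    printf("mode=%s icanon-only=%d icanon+echo=%d\n", names[classify_lflag(t.c_lflag)],
           log_if_not_icanon(t.c_lflag), log_unless_password(t.c_lflag));
    return 0;
}
```

The two policies agree for password prompts and for bash/vi-style input; they differ only in the ICANON && ECHO case, where the ICANON-only check also drops input typed to programs such as cat.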