From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
Date: Tue, 12 Mar 2013 17:09:15 -0400 [thread overview]
Message-ID: <2068407.HX16znPkJh@x2> (raw)
In-Reply-To: <20130312204742.GD23106@madcap2.tricolour.ca>
On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote:
> On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> > ----- Original Message -----
> >
> > > I am resurrecting this old thread from last summer because I ran into
> > > the same issue and found the thread in the archives via Google. It
> > > would be very nice if everything could be logged except passwords.
> >
> > There is work being done. Sorry, I don't have more specifics as to
> > availability, perhaps others do.
>
> Hi Tracy,
>
> I'm actually working on that right now. I have a patch I am in the
> process of testing. It implements a new sysctl.
Why would this be done as a sysctl? Everything else in the audit system is
configured through the netlink API. I would think that we would want to have it
configured by the same pam module that we currently use to enable tty auditing.
So, why not make a new netlink command that pam can use?
> I'm working in the upstream kernel, so it will likely be available in Linus'
> git tree before anywhere else.
Normally audit patches are sent to this mail list for review. If there are no
objections then it can be pulled into an upstream tree.
-Steve
> After that, likely fedora, then RHEL, but I'm a bit new to that process.
>
> I don't see a reason why I couldn't post that patch here when I've got
> it ironed out.
next prev parent reply other threads:[~2013-03-12 21:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-11 19:48 PCI-DSS: Log every root actions/keystrokes but avoid passwords Tracy Reed
2013-03-12 11:06 ` Miloslav Trmac
2013-03-12 20:47 ` Richard Guy Briggs
2013-03-12 21:09 ` Steve Grubb [this message]
2013-03-13 14:55 ` Richard Guy Briggs
2013-03-13 15:59 ` Steve Grubb
2013-03-13 20:24 ` Tracy Reed
2013-03-12 21:09 ` Tracy Reed
2013-03-13 16:26 ` Richard Guy Briggs
2013-03-13 16:43 ` Miloslav Trmac
2013-03-13 16:53 ` Richard Guy Briggs
2013-03-13 17:37 ` Miloslav Trmac
2013-03-14 14:56 ` Richard Guy Briggs
-- strict thread matches above, loose matches on Subject: below --
2012-07-10 7:29 Florian Crouzat
2012-07-12 19:41 ` Thugzclub
2012-07-13 8:14 ` Florian Crouzat
2012-07-13 13:27 ` Steve Grubb
2012-07-13 13:50 ` Florian Crouzat
2012-07-13 14:11 ` Valentin Avram
2012-07-13 14:23 ` Miloslav Trmac
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2068407.HX16znPkJh@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.