public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed
* pam_tty_audit
@ 2012-12-12  6:45 Pieter Baele
  2012-12-12 11:46 ` pam_tty_audit Miloslav Trmac
  0 siblings, 1 reply; 2+ messages in thread
From: Pieter Baele @ 2012-12-12  6:45 UTC (permalink / raw)
  To: linux-audit


[-- Attachment #1.1: Type: text/plain, Size: 628 bytes --]

Hi,

I've some problems configuring the pam_tty_audit module:
In which pam.d files do I need to configure pam_tty_audit? (RHEL)
It seems system-auth is not enough.

Purpose: auditing root and a list of users according to a glob pattern.
I don't want to miss something (logging in from sudo, su -, console, ssh...)
(example here: root and "user1")

On RHEL6 I have

system-auth, su, su-l:
session   required pam_tty_audit.so disable=* enable=root,user1

And for sudo open_only is recommended???
session    required     pam_tty_audit.so open_only enable=root,user1

But if user1 does log on, no commands are logged....

Any idea?

[-- Attachment #1.2: Type: text/html, Size: 729 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]



^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-12-12 11:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-12  6:45 pam_tty_audit Pieter Baele
2012-12-12 11:46 ` pam_tty_audit Miloslav Trmac

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox