From: Richard Guy Briggs <rgb@redhat.com>
To: Miloslav Trmac <mitr@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
Date: Wed, 13 Mar 2013 12:53:27 -0400 [thread overview]
Message-ID: <20130313165327.GG23106@madcap2.tricolour.ca> (raw)
In-Reply-To: <1915900671.7033767.1363193038284.JavaMail.root@redhat.com>
On Wed, Mar 13, 2013 at 12:43:58PM -0400, Miloslav Trmac wrote:
> ----- Original Message -----
> > > Please do post the patch here when you have it worked out as I am
> > > very likely
> > > to miss it in the flood of kernel patches when it goes to/from
> > > Linus.
> >
> > Here you go. Given Steve's good question, this control method may
> > change.
>
> Isn't "icanon" _true_ when the data is echoed? This patch would allow
> dropping the echoed data (i.e. commands), not the non-echoed data
> (i.e. passwords).
> (I might be mistaken and I haven't tested this.)
Apparently not. This is what took me longer than I initially thought
necessary to get this working, rechecking my pam incantations along the
way. I went back and actually removed my switch and just isolated
icanon in the decision to abort the function to confirm how it worked,
then inverted the test which is when it started working. Eric was right
to start with.
> Mirek
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer
AMER ENG Base Operating Systems
Remote, Canada, Ottawa
Voice: 1.647.777.2635
Internal: (81) 32635
next prev parent reply other threads:[~2013-03-13 16:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-11 19:48 PCI-DSS: Log every root actions/keystrokes but avoid passwords Tracy Reed
2013-03-12 11:06 ` Miloslav Trmac
2013-03-12 20:47 ` Richard Guy Briggs
2013-03-12 21:09 ` Steve Grubb
2013-03-13 14:55 ` Richard Guy Briggs
2013-03-13 15:59 ` Steve Grubb
2013-03-13 20:24 ` Tracy Reed
2013-03-12 21:09 ` Tracy Reed
2013-03-13 16:26 ` Richard Guy Briggs
2013-03-13 16:43 ` Miloslav Trmac
2013-03-13 16:53 ` Richard Guy Briggs [this message]
2013-03-13 17:37 ` Miloslav Trmac
2013-03-14 14:56 ` Richard Guy Briggs
-- strict thread matches above, loose matches on Subject: below --
2012-07-10 7:29 Florian Crouzat
2012-07-12 19:41 ` Thugzclub
2012-07-13 8:14 ` Florian Crouzat
2012-07-13 13:27 ` Steve Grubb
2012-07-13 13:50 ` Florian Crouzat
2012-07-13 14:11 ` Valentin Avram
2012-07-13 14:23 ` Miloslav Trmac
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130313165327.GG23106@madcap2.tricolour.ca \
--to=rgb@redhat.com \
--cc=linux-audit@redhat.com \
--cc=mitr@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox