From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tracy Reed <treed@ultraviolet.org>
Subject: Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
Date: Wed, 13 Mar 2013 13:24:09 -0700
Message-ID: <20130313202409.GY4555@tracyreed.org>
References: <20130311194855.GQ4555@tracyreed.org>
	<772443219.6157356.1363086419594.JavaMail.root@redhat.com>
	<20130312204742.GD23106@madcap2.tricolour.ca>
	<2068407.HX16znPkJh@x2>
	<20130313145529.GE23106@madcap2.tricolour.ca>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4135916304471931112=="
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20130313145529.GE23106@madcap2.tricolour.ca>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============4135916304471931112==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="HJ7DkX9BXQhna2ov"
Content-Disposition: inline


--HJ7DkX9BXQhna2ov
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 13, 2013 at 07:55:29AM PDT, Richard Guy Briggs spake thusly:
> I haven't seen a lot of requests for this feature yet, but it sounds
> like there could be a lot of interest, so it may be worth doing
> correctly, rather than as a quick fix.

As people become more security-aware and implement PCI/HIPAA/FISMA and other
regulatory regimes (which are why I'm here) they will be asking for more
auditing capability, especially in the area of console/tty logging where Li=
nux
has historically been weak. Writing out passwords to logfiles is simply not=
 an
option. We are currently looking at Xceedium for auditing/logging our basti=
on
hosts but would really prefer to avoid that route if auditd or some other L=
inux
component could handle that for us.

--=20
Tracy Reed

--HJ7DkX9BXQhna2ov
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFRQOBpBhSTPg0d/nQRApSrAJwJf2Yp3x+1itlM0Y43F3LN9mb+AACgtkkm
zK5JkeRrCgU2bkxuecgQbN4=
=Pbmq
-----END PGP SIGNATURE-----

--HJ7DkX9BXQhna2ov--


--===============4135916304471931112==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============4135916304471931112==--