From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tracy Reed <treed@ultraviolet.org>
Subject: pam_tty_audit bi-directional logging
Date: Fri, 7 Jun 2013 14:40:32 -0700
Message-ID: <20130607214032.GC9819@tracyreed.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7709325276238312438=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.21])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id r57Leaho028196
	for <linux-audit@redhat.com>; Fri, 7 Jun 2013 17:40:37 -0400
Received: from mail.copilotco.com (mail.copilotco.com [216.105.40.123])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r57Leaqf029521
	for <linux-audit@redhat.com>; Fri, 7 Jun 2013 17:40:36 -0400
Received: from tracyreed.org (unknown [10.9.8.6])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.copilotco.com (Postfix) with ESMTP id 0140964C67
	for <linux-audit@redhat.com>; Fri,  7 Jun 2013 14:40:34 -0700 (PDT)
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============7709325276238312438==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Wb2PR/iViaceLh7x"
Content-Disposition: inline


--Wb2PR/iViaceLh7x
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Is there any way to make pam_tty_audit log not only what the user types but
also what the server sends back? Due to regulatory requirements We are
currently having to use proprietary, kludgy, unreliable bastion host
"solutions" to get full session logging. It seems like pam_tty_audit, being=
 in
the tty layer, would have access to everything going through the tty both s=
end
and receive but it looks like only commands typed are logged. Am I missing
something?

Thanks!

--=20
Tracy Reed

--Wb2PR/iViaceLh7x
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFRslNQBhSTPg0d/nQRApczAJ0eU2e3LPI6iNxufXD5tNnFgj7r+wCeN0N/
6TabIzOl3aPHoQD0pXg72Gs=
=qId0
-----END PGP SIGNATURE-----

--Wb2PR/iViaceLh7x--


--===============7709325276238312438==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============7709325276238312438==--