Audit-0.6.3 released
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Feb 21 21:06:28 UTC 2005
On Mon, 21 Feb 2005 14:55:38 CST, Klaus Weidner said:
> Try the following:
>
> *** login
>
> session required pam_selinux.so close
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> session required pam_audit.so
> session required pam_selinux.so multiple open
>
> *** sshd
>
> session required pam_stack.so service=system-auth
> session required pam_audit.so
And presumably similar for gdm if such is in use..
> > For that matter, it's unclear if I can just stick it in the system-auth
> > that gets included by everybody. Are there any cases where we *don't*
> > want it in there?
>
> You don't want a new login UID assigned if someone uses 'su', 'sudo' or
> equivalent (that's the entire point of having a login UID maintained
> separately), so putting it into system-auth is not a good idea.
Ahh.. I *knew* there was a reason, I just couldn't put my finger on it. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050221/3367e1cc/attachment.sig>
More information about the Linux-audit
mailing list