pam_tty_audit

Pieter Baele pieter.baele at gmail.com
Wed Dec 12 06:45:48 UTC 2012


Hi,

I've some problems configuring the pam_tty_audit module:
In which pam.d files do I need to configure pam_tty_audit? (RHEL)
It seems system-auth is not enough.

Purpose: auditing root and a list of users according to a glob pattern.
I don't want to miss something (logging in from sudo, su -, console, ssh...)
(example here: root and "user1")

On RHEL6 I have

system-auth, su, su-l:
session   required pam_tty_audit.so disable=* enable=root,user1

And for sudo open_only is recommended???
session    required     pam_tty_audit.so open_only enable=root,user1

But if user1 does log on, no commands are logged....

Any idea?
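
Added example, not part of the original post: a small Python check that lists, for each service file in a pam.d directory, the pam_tty_audit lines reachable from its session stack through include/substack, so a service that never reaches the module shows up with an empty list. The directory layout in SAMPLE is constructed for illustration and the function names are hypothetical; backslash line continuations are not handled.

```python
import os
import re
import tempfile
# type, control (word or "[...]"), module path, optional arguments
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def session_tty_audit(pam_dir, service, seen=None):
    """pam_tty_audit arguments in the session stack of `service`, following includes."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return []                      # include loop or missing file
    seen.add(service)
    hits = []
    with open(path) as fh:
        for raw in fh:
            m = LINE_RE.match(raw.split("#", 1)[0].strip())
            if not m or m.group(1) != "session":
                continue
            control, module, args = m.group(2), m.group(3), m.group(4)
            if control in ("include", "substack"):
                hits += session_tty_audit(pam_dir, module, seen)
            elif os.path.basename(module) == "pam_tty_audit.so":
                hits.append(args.strip())
    return hits

def coverage(pam_dir):
    return {s: session_tty_audit(pam_dir, s) for s in sorted(os.listdir(pam_dir))}

# Constructed sample layout (not copied from a real system).
SAMPLE = {
    "system-auth": "session required pam_tty_audit.so disable=* enable=root,user1\n"
                   "session required pam_unix.so\n",
    "password-auth": "# no tty audit here\nsession required pam_unix.so\n",
    "su": "session include system-auth\n",
    "sshd": "session include password-auth\n",
    "sudo": "session required pam_tty_audit.so open_only enable=root,user1\n",
}

def build_sample(pam_dir):
    for name, body in SAMPLE.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for svc, lines in coverage(d).items():
            print(f"{svc:14} {lines or 'NOT COVERED'}")
```

Pointing `coverage()` at a copy of the real `/etc/pam.d` shows which login paths (ssh, console, su, sudo) actually load the module and with which enable/disable arguments.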