Audit filter by TTY
John Bambenek
jcb at bambenekconsulting.com
Fri Apr 26 17:03:17 UTC 2013
I would prefer a solution besides a keylogger that, among other things, happily captures passwords and stores them in the clear in logs.
On Apr 26, 2013, at 11:56 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote:
>> I was playing around and wanted to know if there is plans to allow audit
>> rule filters by TTY, or specifically filter when tty != (none) (i.e.
>> interactive login events).
>
> You can use the pam_tty_audit module to do that. There are no plans to
> configure this by auditctl.
>
> -Steve
More information about the Linux-audit
mailing list