PCI-DSS: Log every root actions/keystrokes but avoid passwords
Steve Grubb
sgrubb at redhat.com
Tue Mar 12 21:09:15 UTC 2013
On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote:
> On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> > ----- Original Message -----
> >
> > > I am resurrecting this old thread from last summer because I ran into
> > > the same issue and found the thread in the archives via Google. It
> > > would be very nice if everything could be logged except passwords.
> >
> > There is work being done. Sorry, I don't have more specifics as to
> > availability, perhaps others do.
>
> Hi Tracy,
>
> I'm actually working on that right now. I have a patch I am in the
> process of testing. It implements a new sysctl.

Why would this be done as a sysctl? Everything else in the audit system is
configured through the netlink API. I would think that we would want to have it
configured by the same pam module that we currently use to enable tty auditing.
So, why not make a new netlink command that pam can use?

> I'm working in the upstream kernel, so it will likely be available in Linus'
> git tree before anywhere else.

Normally audit patches are sent to this mail list for review. If there are no
objections then it can be pulled into an upstream tree.

-Steve

> After that, likely fedora, then RHEL, but I'm a bit new to that process.
>
> I don't see a reason why I couldn't post that patch here when I've got
> it ironed out.