PCI-DSS: Log every root actions/keystrokes but avoid passwords
Miloslav Trmac
mitr at redhat.com
Wed Mar 13 16:43:58 UTC 2013
----- Original Message -----
> > Please do post the patch here when you have it worked out as I am
> > very likely
> > to miss it in the flood of kernel patches when it goes to/from
> > Linus.
>
> Here you go. Given Steve's good question, this control method may
> change.
Isn't "icanon" _true_ when the data is echoed? This patch would allow dropping the echoed data (i.e. commands), not the non-echoed data (i.e. passwords).
(I might be mistaken and I haven't tested this.)
Mirek
More information about the Linux-audit
mailing list