On Tuesday, November 08, 2011 04:09:42 PM Frank Kruchio wrote: > Thanks Steve ! > > These are RHEL5 U7 however what happens if they ssh in, pam_tty_audit wont > work I think. > Since console login is disabled we are not thinking of using pam_tty_audit > or can you use it for ssh logins as well ?
Should work fine there. > if not, what are the options to trac users who share user ids ? Users can share UIDs, but just not login as that UID. They have to login with their own unique uid and then change to the shared account. Of course a cron job won't track the auid, though. But you can disable cron for the shared account. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
