Hi, I've some problems configuring the pam_tty_audit module: In which pam.d files do I need to configure pam_tty_audit? (RHEL) It seems system-auth is not enough.
Purpose: auditing root and a list of users according to a glob pattern. I don't want to miss something (logging in from sudo, su -, console, ssh...) (example here: root and "user1") On RHEL6 I have system-auth, su, su-l: session required pam_tty_audit.so disable=* enable=root,user1 And for sudo open_only is recommended??? session required pam_tty_audit.so open_only enable=root,user1 But if user1 does log on, no commands are logged.... Any idea?
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
