Even better. Thanks. On Apr 26, 2013, at 12:14 PM, Steve Grubb <[email protected]> wrote:
> On Friday, April 26, 2013 12:03:17 PM John Bambenek wrote: >> I would prefer a solution besides a keylogger that, among other things, >> happily captures passwords and stores them in the clear in logs. > > That is being worked on: > https://www.redhat.com/archives/linux-audit/2013-March/msg00050.html > > The patch still isn't ready, but it will be configured by pam_tty_audit. > > -Steve > >> On Apr 26, 2013, at 11:56 AM, Steve Grubb <[email protected]> wrote: >>> On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote: >>>> I was playing around and wanted to know if there is plans to allow audit >>>> rule filters by TTY, or specifically filter when tty != (none) (i.e. >>>> interactive login events). >>> >>> You can use the pam_tty_audit module to do that. There are no plans to >>> configure this by auditctl. >>> >>> -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
