This is correct. The problem is, this records every keystrokes and even the password of the users. While I only care about the user command history, I surely do not want to know their passwords.
On Sun, Oct 6, 2013 at 2:40 PM, Trevor Vaughan <[email protected]>wrote: > Does pam_tty_audit with enable=* not do what you want? > > Trevor > > > On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming <[email protected]> wrote: > >> HI >> I know this seems an old topic. But unfortunately, I can't find a >> solution for this. I have googled long time. I tried following options: >> >> 1. audit execv syscall, >> this does record every command typed any tty. However, it generates >> lots of noise. Sometimes, the execv syscall is so frequently called that >> the system can't afford to log every call of it and it crashes !!! >> >> 2. use *pam_tty_audit.so >> * >> this makes it possible to record one or two users, not all users. * >> * >> So, may I ask, is this problem solvable by auditd or do I need other >> tools ?* >> >> * >> *Thanks a lot >> * >> * >> * >> >> -- >> Linux-audit mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/linux-audit >> > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > [email protected] > > -- This account not approved for unencrypted proprietary information -- >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
