Hi, Has the log_passwd feature been backported to RHEL6.4 ?
Regards, Shinoj. >> > > >> > > The log_passwd feature has not been backported to RHEL5 because >> > > the pam_tty_audit feature wasn't backported to RHEL5, so I would >> > > have to >> say >> > > it is not supported in your system. >> > > >> > > An upgrade is necessary. >> > > >> > > > On Mon, Oct 7, 2013 at 8:13 PM, Richard Guy Briggs >> > > > <[email protected]> >> > > >> > > wrote: >> > > > > On Mon, Oct 07, 2013 at 10:30:24AM -0700, zhu xiuming wrote: >> > > > > > This is correct. The problem is, this records every >> > > > > > keystrokes >> and >> > > >> > > even >> > > >> > > > > > the password of the users. While I only care about the user >> command >> > > > > > history, I surely do not want to know their passwords. >> > > > > >> > > > > There is now support in the upstream kernel (3.10-rc1) and in >> > > > > pam >> > > > > (1.1.8+) to not record passwords by default. If you want the >> > > > > old behaviour, add the optional argument to pam_tty_audit: >> > > > > "log_passwd" >> > > > > >> > > > > > On Sun, Oct 6, 2013 at 2:40 PM, Trevor Vaughan < >> > > >> > > [email protected] >> > > >> > > > > >wrote: >> > > > > > > Does pam_tty_audit with enable=* not do what you want? >> > > > > > > >> > > > > > > Trevor >> > > > > > > >> > > > > > > On Sun, Oct 6, 2013 at 5:26 PM, zhu xiuming < >> [email protected]> >> > > > > >> > > > > wrote: >> > > > > > >> HI >> > > > > > >> I know this seems an old topic. But unfortunately, I >> > > > > > >> can't >> find a >> > > > > > >> solution for this. I have googled long time. I tried >> > > > > > >> following >> > > > > >> > > > > options: >> > > > > > >> 1. audit execv syscall, >> > > > > > >> >> > > > > > >> this does record every command typed any tty. >> > > > > > >> However, it >> > > > > >> > > > > generates >> > > > > >> > > > > > >> lots of noise. Sometimes, the execv syscall is so >> > > > > > >> frequently >> > > >> > > called >> > > >> > > > > that >> > > > > >> > > > > > >> the system can't afford to log every call of it and it >> > > > > > >> crashes !!! >> > > > > > >> >> > > > > > >> 2. use *pam_tty_audit.so >> > > > > > >> * >> > > > > > >> this makes it possible to record one or two users, not >> > > > > > >> all >> users. >> > > >> > > * >> > > >> > > > > > >> * >> > > > > > >> So, may I ask, is this problem solvable by auditd or do >> > > > > > >> I need >> > > >> > > other >> > > >> > > > > > >> tools ?* >> > > > > > >> >> > > > > > >> * >> > > > > > >> *Thanks a lot >> > > > > > > >> > > > > > > Trevor Vaughan >> > > > > >> > > > > - RGB >> > > >> > > - RGB >> > > >> > > -- >> > > Richard Guy Briggs <[email protected]> Senior Software Engineer >> > > Kernel Security AMER ENG Base Operating Systems Remote, Ottawa, >> > > Canada >> > > Voice: +1.647.777.2635 >> > > Internal: (81) 32635 >> > > Alt: +1.613.693.0684x3545**** >> >> ** ** >> > >-- >Linux-audit mailing list >[email protected] >https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
