> -Original Message-
> From: Steve Grubb [mailto:sgr...@redhat.com]
> Sent: Tuesday, November 14, 2017 14:53
> To: linux-audit@redhat.com
> Cc: Maupertuis Philippe
> Subject: Re: Strange behavior with pam_tty_audit
>
> Hello,
>
> On Tuesday, November 14,
Hello,
On Tuesday, November 14, 2017 8:29:34 AM EST Maupertuis Philippe wrote:
> The auditd rules for PCI read:
> ## 10.2.2 Log administrative action. To meet this, you need to enable tty
> ## logging. The pam config below should be placed into su and sudo pam
> stacks. ## session required
Hi
The auditd rules for PCI read:
## 10.2.2 Log administrative action. To meet this, you need to enable tty
## logging. The pam config below should be placed into su and sudo pam stacks.
## session required pam_tty_audit.so disable=* enable=root
I have noticed that nothing happened unless I
When is approximate timeframe of that functionality to be available to
suppress logging of passwords in an RH provided package?
Thanks,
J
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
On Mon, Jun 17, 2013 at 11:56:01AM -0500, John C. A. Bambenek, GCIH, CISSP
wrote:
When is approximate timeframe of that functionality to be available to
suppress logging of passwords in an RH provided package?
Since I'm new to the process, but I pulled it together, I'll take a stab at
audit_tty_status passed in by pam_tty_audit
allows control of logging passwords per task.
Sorry for the long delay with review. Please see my comments below.
Ditto...
Please find a new patch at the end...
--- a/configure.in
+++ b/configure.in
@@ -386,6 +386,19 @@ if test x
- Original Message -
On Friday, June 07, 2013 06:48:18 PM Miloslav Trmač wrote:
- Original Message -
Is there any way to make pam_tty_audit log not only what the user types but
also what the server sends back?
No, this is currently not possible.
Impossible
On Monday, June 10, 2013 11:48:15 AM Miloslav Trmač wrote:
Is there any way to make pam_tty_audit log not only what the user
types but also what the server sends back?
No, this is currently not possible.
Impossible as in 1) what is already shipped can't do this, or 2) no amount
Is there any way to make pam_tty_audit log not only what the user types but
also what the server sends back? Due to regulatory requirements we are
currently having to use proprietary, kludgy, unreliable bastion host
solutions to get full session logging. It seems like pam_tty_audit, being
- Original Message -
Is there any way to make pam_tty_audit log not only what the user types but
also what the server sends back?
No, this is currently not possible.
Mirek
On Fri, 2013-04-26 at 13:42 -0400, Richard Guy Briggs wrote:
On Fri, Mar 22, 2013 at 08:19:31AM +0100, Tomas Mraz wrote:
On Fri, 2013-03-22 at 01:46 -0400, Richard Guy Briggs wrote:
Hi folks,
There's been a couple of requests to add a switch to pam_tty_audit to
*not* log
- Original Message -
On Thu, Apr 18, 2013 at 03:31:36PM -0400, Miloslav Trmač wrote:
- Original Message -
I'm still convinced that icanon is not the correct condition, see
https://www.redhat.com/archives/linux-audit/2013-March/msg00052.html .
As I indicated in a previous
On Thu, Apr 18, 2013 at 03:31:36PM -0400, Miloslav Trmač wrote:
Hello,
Mirek,
- Original Message -
Full replacement patch:
I'm still convinced that icanon is not the correct condition, see
https://www.redhat.com/archives/linux-audit/2013-March/msg00052.html .
As I indicated in
On Fri, Mar 22, 2013 at 08:19:31AM +0100, Tomas Mraz wrote:
On Fri, 2013-03-22 at 01:46 -0400, Richard Guy Briggs wrote:
Hi folks,
There's been a couple of requests to add a switch to pam_tty_audit to
*not* log passwords when logging user commands.
Most commands are entered one
On Thu, Apr 18, 2013 at 04:07:08PM -0400, Richard Guy Briggs wrote:
On Thu, Apr 18, 2013 at 03:31:36PM -0400, Miloslav Trmač wrote:
Hello,
- Original Message -
Full replacement patch:
I'm still convinced that icanon is not the correct condition, see
On Thu, Apr 11, 2013 at 04:43:45PM -0400, Eric Paris wrote:
- Original Message -
Hi folks,
There's been a couple of requests to add a switch to pam_tty_audit to
*not* log passwords when logging user commands.
Here are two patches, the first to pam to add the switch
Hello,
- Original Message -
Full replacement patch:
I'm still convinced that icanon is not the correct condition, see
https://www.redhat.com/archives/linux-audit/2013-March/msg00052.html .
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 9f096f1..a863669
On Thu, Apr 18, 2013 at 03:31:36PM -0400, Miloslav Trmač wrote:
Hello,
- Original Message -
Full replacement patch:
I'm still convinced that icanon is not the correct condition, see
https://www.redhat.com/archives/linux-audit/2013-March/msg00052.html .
That's a separate issue.
- Original Message -
Hi folks,
There's been a couple of requests to add a switch to pam_tty_audit to
*not* log passwords when logging user commands.
Here are two patches, the first to pam to add the switch to
the pam_tty_audit module. The second is to the kernel to add
On Fri, 2013-03-22 at 01:46 -0400, Richard Guy Briggs wrote:
Hi folks,
There's been a couple of requests to add a switch to pam_tty_audit to
*not* log passwords when logging user commands.
Most commands are entered one line at a time and processed as complete
lines in non-canonical mode
- Original Message -
Most commands are entered one line at a time and processed as complete
lines in non-canonical mode. Commands that interactively require a
password, enter canonical mode to do this. This feature (icanon) can be
used to avoid logging passwords by audit while still
Hello,
- Original Message -
But if user1 does log on, no commands are logged
Are you talking about TTY or USER_TTY records, and are you checking immediately
after entering the command, or after exiting the session?
Unprivileged users are not allowed to send USER_TTY records as
22 matches