Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
> - Original Message -
> I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except passwords.

There is work being done. Sorry, I don't have more specifics as to availability, perhaps others do.

Mirek

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> - Original Message -
> > I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except passwords.
>
> There is work being done. Sorry, I don't have more specifics as to availability, perhaps others do.

Hi Tracy,

I'm actually working on that right now. I have a patch I am in the process of testing. It implements a new sysctl.

I'm working in the upstream kernel, so it will likely be available in Linus' git tree before anywhere else. After that, likely fedora, then RHEL, but I'm a bit new to that process.

I don't see a reason why I couldn't post that patch here when I've got it ironed out.

> Mirek

- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer
AMER ENG Base Operating Systems
Remote, Canada, Ottawa
Voice: 1.647.777.2635 Internal: (81) 32635
Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote:
> On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> > - Original Message -
> > > I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except passwords.
> >
> > There is work being done. Sorry, I don't have more specifics as to availability, perhaps others do.
>
> Hi Tracy,
>
> I'm actually working on that right now. I have a patch I am in the process of testing. It implements a new sysctl.

Why would this be done as a sysctl? Everything else in the audit system is configured through the netlink API. I would think that we would want to have it configured by the same pam module that we currently use to enable tty auditing. So, why not make a new netlink command that pam can use?

> I'm working in the upstream kernel, so it will likely be available in Linus' git tree before anywhere else.

Normally audit patches are sent to this mail list for review. If there are no objections then it can be pulled into an upstream tree.

-Steve

> After that, likely fedora, then RHEL, but I'm a bit new to that process.
>
> I don't see a reason why I couldn't post that patch here when I've got it ironed out.
Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
On Tue, Mar 12, 2013 at 01:47:42PM PDT, Richard Guy Briggs spake thusly:
> I'm actually working on that right now. I have a patch I am in the process of testing. It implements a new sysctl.
>
> I'm working in the upstream kernel, so it will likely be available in Linus' git tree before anywhere else. After that, likely fedora, then RHEL, but I'm a bit new to that process.

Wow, thanks! Always glad to see good security features/auditing being added to the kernel. Although I'm surprised a new sysctl was necessary and it couldn't all be done in auditd in userspace. I look forward to reading over the code to learn what went into this.

Please do post the patch here when you have it worked out as I am very likely to miss it in the flood of kernel patches when it goes to/from Linus.

Thanks again!

--
Tracy Reed