Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Richard Guy Briggs
On Tue, Mar 12, 2013 at 05:09:15PM -0400, Steve Grubb wrote: On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote: On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote: - Original Message - I am resurrecting this old thread from last summer because I ran

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Steve Grubb
On Wednesday, March 13, 2013 10:55:29 AM Richard Guy Briggs wrote: On Tue, Mar 12, 2013 at 05:09:15PM -0400, Steve Grubb wrote: On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote: On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote: - Original Message -

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Miloslav Trmac
- Original Message - Please do post the patch here when you have it worked out as I am very likely to miss it in the flood of kernel patches when it goes to/from Linus. Here you go. Given Steve's good question, this control method may change. Isn't icanon _true_ when the data

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Richard Guy Briggs
On Wed, Mar 13, 2013 at 12:43:58PM -0400, Miloslav Trmac wrote: - Original Message - Please do post the patch here when you have it worked out as I am very likely to miss it in the flood of kernel patches when it goes to/from Linus. Here you go. Given Steve's good

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Miloslav Trmac
- Original Message - On Wed, Mar 13, 2013 at 12:43:58PM -0400, Miloslav Trmac wrote: - Original Message - Please do post the patch here when you have it worked out as I am very likely to miss it in the flood of kernel patches when it goes to/from Linus.

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-13 Thread Tracy Reed
On Wed, Mar 13, 2013 at 07:55:29AM PDT, Richard Guy Briggs spake thusly: I haven't seen a lot of requests for this feature yet, but it sounds like there could be a lot of interest, so it may be worth doing correctly, rather than as a quick fix. As people become more security-aware and

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-12 Thread Miloslav Trmac
- Original Message - I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except passwords. There is work being done. Sorry, I don't have more

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-12 Thread Richard Guy Briggs
On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote: - Original Message - I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-12 Thread Steve Grubb
On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote: On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote: - Original Message - I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-12 Thread Tracy Reed
On Tue, Mar 12, 2013 at 01:47:42PM PDT, Richard Guy Briggs spake thusly: I'm actually working on that right now. I have a patch I am in the process of testing. It implements a new sysctl. I'm working in the upstream kernel, so it will likely be available in Linus' git tree before anywhere

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2013-03-11 Thread Tracy Reed
I am resurrecting this old thread from last summer because I ran into the same issue and found the thread in the archives via Google. It would be very nice if everything could be logged except passwords. Isn't the option for echo back set in the tty settings? Could the pam module not log

Re: EXT :Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-16 Thread Steve Grubb
On Monday, July 16, 2012 10:05:48 AM Florian Crouzat wrote: On 13/07/2012 19:09, Boyce, Kevin P (AS) wrote: Wouldn't another option be to audit the exec of particular executables you are interested in knowing if someone runs? Obviously you won't know what they are typing into text

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Florian Crouzat
On 12/07/2012 21:41, Thugzclub wrote: Florian, Did you get an answer for this? Regards. Not a single one. Florian. On 10 Jul 2012, at 08:29, Florian Crouzat gen...@floriancrouzat.net wrote: Hi, This is my first message to the list so please be indulgent, I might be mixing

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Thugzclub
Florian, Did you get an answer for this? Regards. On 10 Jul 2012, at 08:29, Florian Crouzat gen...@floriancrouzat.net wrote: Hi, This is my first message to the list so please be indulgent, I might be mixing concepts here between auditd, selinux and pam. Any guidance much

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Steve Grubb
On Friday, July 13, 2012 10:14:59 AM Florian Crouzat wrote: On 12/07/2012 21:41, Thugzclub wrote: Florian, Did you get an answer for this? Regards. Not a single one. Hmm...I thought I sent an answer. The problem from the kernel's perspective is that it has no idea what user

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Florian Crouzat
On 13/07/2012 15:27, Steve Grubb wrote: Hmm...I thought I sent an answer. The problem from the kernel's perspective is that it has no idea what user space is doing. It can't tell a password from anything else being typed. There is a flag that can be set for the TTY to hide characters. But

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Valentin Avram
There is another way we used to pass PCI-DSS. We use an audit rule to log all EXECVE happening on production servers, rsyslog the logs to the remote centralized logs server, then parse the audit logs there using a cron script and rebuild the commands issued on each server by any user id. Hope

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Miloslav Trmac
Hello, - Original Message - Every keystroke is logged in /var/log/audit/audit.log which is great. My only issue is that I just realized that prompt passwords are also logged, e.g. MySQL password or Spacewalk, etc. I can read them in plain text when doing aureport --tty -if

RE: EXT :Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Boyce, Kevin P (AS)
what you've got. -Original Message- From: linux-audit-boun...@redhat.com [mailto:linux-audit-boun...@redhat.com] On Behalf Of Florian Crouzat Sent: Friday, July 13, 2012 9:51 AM To: Steve Grubb Cc: Thugzclub; linux-audit@redhat.com Subject: EXT :Re: PCI-DSS: Log every root actions