diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 16:26:05 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:26:38 -0800 |
commit | 9c52e721044e7501c3d4567b36d222dc7326224a (patch) | |
tree | 9011790770130c60a712a6f125ad50d60e07cc74 /modules/pam_tty_audit/README | |
parent | 9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff) | |
parent | 186ff16e8d12ff15d518000c17f115ccab5275a4 (diff) |
New upstream version 1.0.1
Diffstat (limited to 'modules/pam_tty_audit/README')
-rw-r--r-- | modules/pam_tty_audit/README | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/modules/pam_tty_audit/README b/modules/pam_tty_audit/README new file mode 100644 index 00000000..ed9369e3 --- /dev/null +++ b/modules/pam_tty_audit/README @@ -0,0 +1,48 @@ +pam_tty_audit — Enable or disable TTY auditing for specified users + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_tty_audit PAM module is used to enable or disable TTY auditing. By +default, the kernel does not audit input on any TTY. + +OPTIONS + +disable=patterns + + For each user matching one of comma-separated glob patterns, disable TTY + auditing. This overrides any previous enable option matchin the same user + name on the command line. + +enable=patterns + + For each user matching one of comma-separated glob patterns, enable TTY + auditing. This overrides any previous disable option matching the same user + name on the command line. + +open_only + + Set the TTY audit flag when opening the session, but do not restore it when + closing the session. Using this option is necessary for some services that + don't fork() to run the authenticated session, such as sudo. + +NOTES + +When TTY auditing is enabled, it is inherited by all processes started by that +user. In particular, daemons restarted by an user will still have TTY auditing +enabled, and audit TTY input even by other users unless auditing for these +users is explicitly disabled. Therefore, it is recommended to use disable=* as +the first option for most daemons using PAM. + +EXAMPLES + +Audit all administrative actions. + +session required pam_tty_audit.so disable=* enable=root + + +AUTHOR + +pam_tty_audit was written by Miloslav Trmač <mitr@redhat.com>. + |