diff options
Diffstat (limited to 'modules/pam_tty_audit/README')
-rw-r--r-- | modules/pam_tty_audit/README | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/modules/pam_tty_audit/README b/modules/pam_tty_audit/README index 83e58c3a..ac947a32 100644 --- a/modules/pam_tty_audit/README +++ b/modules/pam_tty_audit/README @@ -11,15 +11,15 @@ OPTIONS disable=patterns - For each user matching one of comma-separated glob patterns, disable TTY - auditing. This overrides any previous enable option matching the same user - name on the command line. + For each user matching patterns, disable TTY auditing. This overrides any + previous enable option matching the same user name on the command line. See + NOTES for further description of patterns. enable=patterns - For each user matching one of comma-separated glob patterns, enable TTY - auditing. This overrides any previous disable option matching the same user - name on the command line. + For each user matching patterns, enable TTY auditing. This overrides any + previous disable option matching the same user name on the command line. + See NOTES for further description of patterns. open_only @@ -45,6 +45,11 @@ the first option for most daemons using PAM. To view the data that was logged by the kernel to audit use the command aureport --tty. +The patterns are comma separated lists of glob patterns or ranges of uids. A +range is specified as min_uid:max_uid where one of these values can be empty. +If min_uid is empty only user with the uid max_uid will be matched. If max_uid +is empty users with the uid greater than or equal to min_uid will be matched. + EXAMPLES Audit all administrative actions. |