diff options
Diffstat (limited to 'modules/pam_tty_audit/pam_tty_audit.8')
| -rw-r--r-- | modules/pam_tty_audit/pam_tty_audit.8 | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8 new file mode 100644 index 00000000..9666bb18 --- /dev/null +++ b/modules/pam_tty_audit/pam_tty_audit.8 @@ -0,0 +1,102 @@ +'\" t +.\" Title: pam_tty_audit +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 11/04/2009 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_TTY_AUDIT" "8" "11/04/2009" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_tty_audit \- Enable or disable TTY auditing for specified users +.SH "SYNOPSIS" +.HP \w'\fBpam_tty_audit\&.so\fR\ 'u +\fBpam_tty_audit\&.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR] +.SH "DESCRIPTION" +.PP +The pam_tty_audit PAM module is used to enable or disable TTY auditing\&. By default, the kernel does not audit input on any TTY\&. +.SH "OPTIONS" +.PP +\fBdisable=\fR\fB\fIpatterns\fR\fR +.RS 4 +For each user matching one of comma\-separated glob +\fB\fIpatterns\fR\fR, disable TTY auditing\&. This overrides any previous +\fBenable\fR +option matching the same user name on the command line\&. +.RE +.PP +\fBenable=\fR\fB\fIpatterns\fR\fR +.RS 4 +For each user matching one of comma\-separated glob +\fB\fIpatterns\fR\fR, enable TTY auditing\&. This overrides any previous +\fBdisable\fR +option matching the same user name on the command line\&. +.RE +.PP +\fBopen_only\fR +.RS 4 +Set the TTY audit flag when opening the session, but do not restore it when closing the session\&. Using this option is necessary for some services that don\'t +\fBfork()\fR +to run the authenticated session, such as +\fBsudo\fR\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +Only the +\fBsession\fR +type is supported\&. +.SH "RETURN VALUES" +.PP +PAM_SESSION_ERR +.RS 4 +Error reading or modifying the TTY audit flag\&. See the system log for more details\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Success\&. +.RE +.SH "NOTES" +.PP +When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use +\fBdisable=*\fR +as the first option for most daemons using PAM\&. +.PP +To view the data that was logged by the kernel to audit use the command +\fBaureport \-\-tty\fR\&. +.SH "EXAMPLES" +.PP +Audit all administrative actions\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +session required pam_tty_audit\&.so disable=* enable=root + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "SEE ALSO" +.PP + +\fBaureport\fR(8), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. |