blob: f65762adbc128c4e719d0a52291597b5168f58be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id="pam_tty_audit">
<refmeta>
<refentrytitle>pam_tty_audit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_tty_audit-name">
<refname>pam_tty_audit</refname>
<refpurpose>Enable or disable TTY auditing for specified users</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="pam_tty_audit-cmdsynopsis">
<command>pam_tty_audit.so</command>
<arg choice="opt">
disable=<replaceable>usernames</replaceable>
</arg>
<arg choice="opt">
enable=<replaceable>usernames</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_tty_audit-description">
<title>DESCRIPTION</title>
<para>
The pam_tty_audit PAM module is used to enable or disable TTY auditing.
By default, the kernel does not audit input on any TTY.
</para>
</refsect1>
<refsect1 id="pam_tty_audit-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
<option>disable=<replaceable>usernames</replaceable></option>
</term>
<listitem>
<para>
For each user matching one of comma-separated
<option><replaceable>usernames</replaceable></option>, disable
TTY auditing. This overrides any previous <option>enable</option>
option for the same user name on the command line.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>enable=<replaceable>usernames</replaceable></option>
</term>
<listitem>
<para>
For each user matching one of comma-separated
<option><replaceable>usernames</replaceable></option>, enable
TTY auditing. This overrides any previous <option>disable</option>
option for the same user name on the command line.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_tty_audit-services">
<title>MODULE SERVICES PROVIDED</title>
<para>
Only the <emphasis remap='B'>session</emphasis> service is supported.
</para>
</refsect1>
<refsect1 id='pam_tty_audit-return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_SESSION_ERR</term>
<listitem>
<para>
Error reading or modifying the TTY audit flag. See the system log
for more details.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Success.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_tty_audit-examples'>
<title>EXAMPLES</title>
<para>
Audit all administrative actions.
<programlisting>
session required pam_tty_audit.so enable=root
</programlisting>
</para>
</refsect1>
<refsect1 id='pam_tty_audit-author'>
<title>AUTHOR</title>
<para>
pam_tty_audit was written by Miloslav Trmač
<mitr@redhat.com>.
</para>
</refsect1>
</refentry>
|