Hi all,
Attached is a patch for auditd that adds support for TTY audits (pam_tty_audit session module) to audisp-prelude.
Alerts are reported with:
alert.classification.text = "Keylogger"
alert.assessment.impact.severity = LOW
and actual keystrokes carried on alert.additional_data.
You will also find attached a basic Python command-line script to query keylogger data from the prelude database.
Hope it helps.
Matteo Sessa
IT Systems Administrator
D.B.M. srl
Via Enrico Noe, 23
20133 Milano (MI), Italy
Landline: (+39) 02-266005-21
Mobile: (+39) 334-6220662
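As an added illustration of the alert mapping described in the message (this is not the author's patch or the attached script), the example below takes a Linux audit TTY record, decodes the hex-encoded keystroke data, and produces the IDMEF-style fields named above: classification text "Keylogger", severity low, and the keystrokes carried as additional data. The record layout (a `type=TTY msg=audit(ts:serial): ... comm="..." data=<hex>` line) is assumed from the kernel's audit record format, the sample record is constructed, and the `meaning`/`data` keys used for the additional-data entries are this example's own naming.

```python
"""Map a Linux audit TTY record to the keylogger alert fields described in the
message above. Added example; the TTY record layout is assumed from the kernel's
audit record format and the sample record below is constructed."""
import re
from typing import Any, Dict

# Constructed sample record (not a captured one): the user typed "ls -la" + Enter.
SAMPLE_TTY_RECORD = (
    'type=TTY msg=audit(1300000000.123:456): tty pid=1234 uid=1000 auid=1000 '
    'ses=3 major=136 minor=2 comm="bash" data=6C73202D6C610A'
)

# "type=<T> msg=audit(<timestamp>:<serial>): <key=value ...>"
_HEADER_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)
# key=value pairs; values are either double-quoted strings or bare tokens.
_FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_audit_record(line: str) -> Dict[str, str]:
    """Split one audit record line into a flat dict of its fields."""
    m = _HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line)
    fields = {"type": m.group("type"), "timestamp": m.group("ts"), "serial": m.group("serial")}
    for key, raw, quoted in _FIELD_RE.findall(m.group("body")):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def decode_tty_data(hex_data: str) -> str:
    """Decode the hex-encoded TTY input; control bytes are shown in caret notation
    (e.g. newline -> ^J) so the keystrokes remain readable in an alert."""
    out = []
    for b in bytes.fromhex(hex_data):
        if b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(chr(b))
    return "".join(out)


def tty_record_to_alert(line: str) -> Dict[str, Any]:
    """Build the alert fields named in the message from a TTY audit record."""
    fields = parse_audit_record(line)
    if fields["type"] != "TTY":
        raise ValueError("expected a TTY record, got %s" % fields["type"])
    keystrokes = decode_tty_data(fields.get("data", ""))
    return {
        "alert.classification.text": "Keylogger",
        # IDMEF severity enumeration value (written LOW in the message).
        "alert.assessment.impact.severity": "low",
        # The keystrokes and their context travel as additional data; the
        # meaning/data keys are this example's own naming.
        "alert.additional_data": [
            {"meaning": "Audit serial", "data": fields["serial"]},
            {"meaning": "Audit session", "data": fields.get("ses", "")},
            {"meaning": "Login UID", "data": fields.get("auid", "")},
            {"meaning": "Process name", "data": fields.get("comm", "")},
            {"meaning": "Keystrokes", "data": keystrokes},
        ],
    }


if __name__ == "__main__":
    alert = tty_record_to_alert(SAMPLE_TTY_RECORD)
    print(alert["alert.classification.text"], alert["alert.assessment.impact.severity"])
    for entry in alert["alert.additional_data"]:
        print("  %-14s %s" % (entry["meaning"] + ":", entry["data"]))
```

Running the module on the constructed record prints the classification and severity followed by the additional-data entries, with the decoded keystrokes rendered as `ls -la^J`.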