On Tue, Feb 22, 2005 at 04:25:35PM +1100, Leigh Purdie wrote:
I'd also recommend including logout information - regardless of
the fact
that non-interactive access may still continue (eg:
nohup /path/to/blah), it is pretty important for some organisations to
be able to determine a users interactive login and logout times.
Don't misunderstand me - I'm not opposed to logout information and agree
that it can be helpful, but it's not required for CAPP compliance and is
misleading information if the users get moderately creative.
For some applications such as vsftpd the application code would need to
be changed to get a logout record - it pretty much requires that there is
a privileged process that monitors the session, and not all services are
structured that way
-Klaus