Re: Audit filter by TTY
I would prefer a solution besides a keylogger that, among other things, happily captures
passwords and stores them in the clear in logs.
On Apr 26, 2013, at 11:56 AM, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote:
> I was playing around and wanted to know if there is plans to allow audit
> rule filters by TTY, or specifically filter when tty != (none) (i.e.
> interactive login events).
You can use the pam_tty_audit module to do that. There are no plans to
configure this by auditctl.
-Steve