----- Original Message -----
On Friday, June 07, 2013 06:48:18 PM Miloslav Trmač wrote:
> ----- Original Message -----
>
> > Is there any way to make pam_tty_audit log not only what the user types but
> > also what the server sends back?
>
> No, this is currently not possible.
Impossible as in 1) what is already shipped can't do this, or 2) no amount of
code being added to the kernel can do this, or 3) for upstream political
reasons?
Primarily 1), also
4) auditing output is a little more difficult because it's much more common to have a
_lot_ of output (e.g. (find -name '*.c')), so TTY auditing should probably be able
to throttle the TTY throughput. (In principle the same problem exists with input as well -
with a PTY I can cause a massive amount of data to be audited - but it doesn't occur
accidentally.)
Mirek