Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote:
On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> ----- Original Message -----
>
> > I am resurrecting this old thread from last summer because I ran into
> > the same issue and found the thread in the archives via Google. It
> > would be very nice if everything could be logged except passwords.
>
> There is work being done. Sorry, I don't have more specifics as to
> availability, perhaps others do.
Hi Tracy,
I'm actually working on that right now. I have a patch I am in the
process of testing. It implements a new sysctl.
Why would this be done as a sysctl? Everything else in the audit system is
configured through the netlink API. I would think that we would want to have it
configured by the same pam module that we currently use to enable tty auditing.
So, why not make a new netlink command that pam can use?
I'm working in the upstream kernel, so it will likely be
available in Linus'
git tree before anywhere else.
Normally audit patches are sent to this mail list for review. If there are no
objections then it can be pulled into an upstream tree.
-Steve
After that, likely fedora, then RHEL, but I'm a bit new to that
process.
I don't see a reason why I couldn't post that patch here when I've got
it ironed out.