On Monday, June 10, 2013 11:48:15 AM Miloslav Trmač wrote:
> > > > Is there any way to make pam_tty_audit log not only what the user
> > > > types but also what the server sends back?
> > >
> > > No, this is currently not possible.
> >
> > Impossible as in 1) what is already shipped can't do this, or 2) no amount
> > of code being added to the kernel can do this, or 3) for upstream
> > political reasons?
>
> Primarily 1), also
> 4) auditing output is a little more difficult because it's much more common
> to have a _lot_ of output (e.g. (find -name '*.c')), so TTY auditing should
> probably be able to throttle the TTY throughput. (In principle the same
> problem is with input as well - with a PTY I can cause massive amount of
> data to be audited - but it doesn't occur accidentally.)

Probably would need to escape/drop all the control characters, too, so report
display terminal doesn't get hijacked. :-) But yes, I could see someone
DoS'ing the machine easily now that you mention it.
-Steve
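
The escaping mentioned in the reply above, sketched as an added example (not code from this thread or from the audit project): a report-side renderer that turns every control or 8-bit byte of captured TTY data into a visible `\xNN` escape and caps how much of one record is shown. It assumes the capture arrives as a hex-encoded `data=` field; the sample records, function names and the 4096-byte cap are constructed for illustration.

```python
import re

# Constructed sample records in the style of Linux audit TTY events.
# Assumption: data= holds the raw terminal bytes, hex-encoded.
SAMPLE = [
    'type=TTY msg=audit(1370879295.101:411): tty pid=2211 uid=0 auid=1000 '
    'ses=3 major=136 minor=1 comm="bash" data=6C73202D6C0D',
    # Contains ESC ] 0 ; ... BEL (set window title) and ESC [ 2 J (clear screen).
    'type=TTY msg=audit(1370879301.734:412): tty pid=2211 uid=0 auid=1000 '
    'ses=3 major=136 minor=1 comm="bash" data=1B5D303B7469746C65071B5B324A6964',
]

DATA_RE = re.compile(r'\bdata=([0-9A-Fa-f]+)\b')


def render_safe(raw: bytes, limit: int = 4096) -> str:
    """Return text made only of printable ASCII, safe to write to a terminal."""
    out = []
    for b in raw[:limit]:
        # Keep printable ASCII; escape the backslash itself so that the
        # rendering stays unambiguous (typed "\x1b" differs from a real ESC).
        if 0x20 <= b < 0x7F and b != 0x5C:
            out.append(chr(b))
        else:
            # C0 controls, DEL, and every byte >= 0x80 (C1 controls, UTF-8).
            out.append('\\x%02x' % b)
    if len(raw) > limit:
        # Bound the display cost of a single oversized record.
        out.append('[truncated %d bytes]' % (len(raw) - limit))
    return ''.join(out)


def render_record(line: str, limit: int = 4096) -> str:
    """Extract and render the data= field of one record."""
    m = DATA_RE.search(line)
    if not m or len(m.group(1)) % 2:
        return '[no decodable data field]'
    return render_safe(bytes.fromhex(m.group(1)), limit)


if __name__ == '__main__':
    for rec in SAMPLE:
        print(render_record(rec))
```
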