Hi,<br><br>I&#39;ve some problems configuring the pam_tty_audit module:<br>In which pam.d files do I need to configure pam_tty_audit? (RHEL)<br>It seems system-auth is not enough.<br><br>Purpose: auditing root and a list of users according to a glob pattern.<br>
I don&#39;t want to miss something (logging in from sudo, su -, console, ssh...)<br>(example here: root and &quot;user1&quot;)<br><br>On RHEL6 I have<br> <br>system-auth, su, su-l: <br>session   required pam_tty_audit.so disable=* enable=root,user1<br>
<br>And for sudo open_only is recommended???<br>session    required     pam_tty_audit.so open_only enable=root,user1<br><br>But if user1 does log on, no commands are logged....<br><br>Any idea?<br><br><br><br>