On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote: > I was playing around and wanted to know if there is plans to allow audit > rule filters by TTY, or specifically filter when tty != (none) (i.e. > interactive login events). You can use the pam_tty_audit module to do that. There are no plans to configure this by auditctl. -Steve

On Friday, April 26, 2013 12:03:17 PM John Bambenek wrote: > I would prefer a solution besides a keylogger that, among other things, > happily captures passwords and stores them in the clear in logs. That is being worked on: https://www.redhat.com/archives/linux-audit/2013-March/msg00050.html The patch still isn't ready, but it will be configured by pam_tty_audit. -Steve > On Apr 26, 2013, at 11:56 AM, Steve Grubb <sgrubb(a)redhat.com&gt; wrote: >> On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote: >>> I was playing around and wanted to know if there is plans to allow audit >>> rule filters by TTY, or specifically filter when tty != (none) (i.e. >>> interactive login events). >> >> You can use the pam_tty_audit module to do that. There are no plans to >> configure this by auditctl. >> >> -Steve