Monthly Archives: January 2012

Linux tty auditing

Since RHEL 5.4, and in recent Fedora releases, it’s possible to audit what users type at their tty (command prompt), thanks to the work of Steve Grubb, a RedHat employee. Edit /etc/pam.d/system-auth and append the following, but not both: session required pam\_tty\_audit.so disable=\* enable=root session required pam\_tty\_audit.so enable=\* Wait for users to log in and […]