1PAM_TTY_AUDIT(8) Linux-PAM Manual PAM_TTY_AUDIT(8)
2
6 pam_tty_audit - Enable or disable TTY auditing for specified users
7
9 pam_tty_audit.so [disable=patterns] [enable=patterns]
10
12 The pam_tty_audit PAM module is used to enable or disable TTY auditing.
13 By default, the kernel does not audit input on any TTY.
14
16 disable=patterns
17 For each user matching one of comma-separated glob patterns,
18 disable TTY auditing. This overrides any previous enable option
19 matching the same user name on the command line.
20 enable=patterns
22 For each user matching one of comma-separated glob patterns, enable
23 TTY auditing. This overrides any previous disable option matching
24 the same user name on the command line.
25 open_only
27 Set the TTY audit flag when opening the session, but do not restore
28 it when closing the session. Using this option is necessary for
29 some services that don´t fork() to run the authenticated session,
30 such as sudo.
31
33 Only the session type is supported.
34
36 PAM_SESSION_ERR
37 Error reading or modifying the TTY audit flag. See the system log
38 for more details.
39 PAM_SUCCESS
41 Success.
42
44 When TTY auditing is enabled, it is inherited by all processes started
45 by that user. In particular, daemons restarted by an user will still
46 have TTY auditing enabled, and audit TTY input even by other users
47 unless auditing for these users is explicitly disabled. Therefore, it
48 is recommended to use disable=* as the first option for most daemons
49 using PAM.
50 To view the data that was logged by the kernel to audit use the command
52 aureport --tty.
53
55 Audit all administrative actions.
56 session required pam_tty_audit.so disable=* enable=root
58
62 aureport(8), pam.conf(5), pam.d(5), pam(8)
63
65 pam_tty_audit was written by Miloslav Trmač <mitr@redhat.com>.
66Linux-PAM Manual 11/04/2009 PAM_TTY_AUDIT(8)