From: Steve Grubb
Subject: Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
Date: Tue, 12 Mar 2013 17:09:15 -0400
Message-ID: <2068407.HX16znPkJh@x2>
References: <20130311194855.GQ4555@tracyreed.org> <772443219.6157356.1363086419594.JavaMail.root@redhat.com> <20130312204742.GD23106@madcap2.tricolour.ca>
In-Reply-To: <20130312204742.GD23106@madcap2.tricolour.ca>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday, March 12, 2013 04:47:42 PM Richard Guy Briggs wrote:
> On Tue, Mar 12, 2013 at 07:06:59AM -0400, Miloslav Trmac wrote:
> > ----- Original Message -----
> >
> > > I am resurrecting this old thread from last summer because I ran into
> > > the same issue and found the thread in the archives via Google. It
> > > would be very nice if everything could be logged except passwords.
> >
> > There is work being done. Sorry, I don't have more specifics as to
> > availability, perhaps others do.
>
> Hi Tracy,
>
> I'm actually working on that right now. I have a patch I am in the
> process of testing. It implements a new sysctl.

Why would this be done as a sysctl? Everything else in the audit system is
configured through the netlink API. I would think that we would want to have
it configured by the same pam module that we currently use to enable tty
auditing. So, why not make a new netlink command that pam can use?

> I'm working in the upstream kernel, so it will likely be available in Linus'
> git tree before anywhere else.

Normally audit patches are sent to this mail list for review. If there are no
objections then it can be pulled into an upstream tree.

-Steve

> After that, likely fedora, then RHEL, but I'm a bit new to that process.
>
> I don't see a reason why I couldn't post that patch here when I've got
> it ironed out.