Página Principal Explorar Ajuda
Iniciar Sessão
8516
/
Test
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ramo: master
Ramos Etiquetas
Test
/
EVSE
/
GPL
/
linux-pam-1.5.2
/
modules
/
pam_tty_audit
/
pam_tty_audit.8

pam_tty_audit.8 4.5 KB
Link permanente Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. '\" t
    2. 

  2. .\"     Title: pam_tty_audit
    3. 

  3. .\"    Author: [see the "AUTHOR" section]
    4. 

  4. .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
    5. 

  5. .\"      Date: 09/03/2021
    6. 

  6. .\"    Manual: Linux-PAM Manual
    7. 

  7. .\"    Source: Linux-PAM Manual
    8. 

  8. .\"  Language: English
    9. 

  9. .\"
    10. 

  10. .TH "PAM_TTY_AUDIT" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
    11. 

  11. .\" -----------------------------------------------------------------
    12. 

  12. .\" * Define some portability stuff
    13. 

  13. .\" -----------------------------------------------------------------
    14. 

  14. .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    15. 

  15. .\" http://bugs.debian.org/507673
    16. 

  16. .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
    17. 

  17. .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    18. 

  18. .ie \n(.g .ds Aq \(aq
    19. 

  19. .el       .ds Aq '
    20. 

  20. .\" -----------------------------------------------------------------
    21. 

  21. .\" * set default formatting
    22. 

  22. .\" -----------------------------------------------------------------
    23. 

  23. .\" disable hyphenation
    24. 

  24. .nh
    25. 

  25. .\" disable justification (adjust text to left margin only)
    26. 

  26. .ad l
    27. 

  27. .\" -----------------------------------------------------------------
    28. 

  28. .\" * MAIN CONTENT STARTS HERE *
    29. 

  29. .\" -----------------------------------------------------------------
    30. 

  30. .SH "NAME"
    31. 

  31. pam_tty_audit \- Enable or disable TTY auditing for specified users
    32. 

  32. .SH "SYNOPSIS"
    33. 

  33. .HP \w'\fBpam_tty_audit\&.so\fR\ 'u
    34. 

  34. \fBpam_tty_audit\&.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR]
    35. 

  35. .SH "DESCRIPTION"
    36. 

  36. .PP
    37. 

  37. The pam_tty_audit PAM module is used to enable or disable TTY auditing\&. By default, the kernel does not audit input on any TTY\&.
    38. 

  38. .SH "OPTIONS"
    39. 

  39. .PP
    40. 

  40. \fBdisable=\fR\fB\fIpatterns\fR\fR
    41. 

  41. .RS 4
    42. 

  42. For each user matching
    43. 

  43. \fB\fIpatterns\fR\fR, disable TTY auditing\&. This overrides any previous
    44. 

  44. \fBenable\fR
    45. 

  45. option matching the same user name on the command line\&. See NOTES for further description of
    46. 

  46. \fB\fIpatterns\fR\fR\&.
    47. 

  47. .RE
    48. 

  48. .PP
    49. 

  49. \fBenable=\fR\fB\fIpatterns\fR\fR
    50. 

  50. .RS 4
    51. 

  51. For each user matching
    52. 

  52. \fB\fIpatterns\fR\fR, enable TTY auditing\&. This overrides any previous
    53. 

  53. \fBdisable\fR
    54. 

  54. option matching the same user name on the command line\&. See NOTES for further description of
    55. 

  55. \fB\fIpatterns\fR\fR\&.
    56. 

  56. .RE
    57. 

  57. .PP
    58. 

  58. \fBopen_only\fR
    59. 

  59. .RS 4
    60. 

  60. Set the TTY audit flag when opening the session, but do not restore it when closing the session\&. Using this option is necessary for some services that don\*(Aqt
    61. 

  61. \fBfork()\fR
    62. 

  62. to run the authenticated session, such as
    63. 

  63. \fBsudo\fR\&.
    64. 

  64. .RE
    65. 

  65. .PP
    66. 

  66. \fBlog_passwd\fR
    67. 

  67. .RS 4
    68. 

  68. Log keystrokes when ECHO mode is off but ICANON mode is active\&. This is the mode in which the tty is placed during password entry\&. By default, passwords are not logged\&. This option may not be available on older kernels (3\&.9?)\&.
    69. 

  69. .RE
    70. 

  70. .SH "MODULE TYPES PROVIDED"
    71. 

  71. .PP
    72. 

  72. Only the
    73. 

  73. \fBsession\fR
    74. 

  74. type is supported\&.
    75. 

  75. .SH "RETURN VALUES"
    76. 

  76. .PP
    77. 

  77. PAM_SESSION_ERR
    78. 

  78. .RS 4
    79. 

  79. Error reading or modifying the TTY audit flag\&. See the system log for more details\&.
    80. 

  80. .RE
    81. 

  81. .PP
    82. 

  82. PAM_SUCCESS
    83. 

  83. .RS 4
    84. 

  84. Success\&.
    85. 

  85. .RE
    86. 

  86. .SH "NOTES"
    87. 

  87. .PP
    88. 

  88. When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by a user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use
    89. 

  89. \fBdisable=*\fR
    90. 

  90. as the first option for most daemons using PAM\&.
    91. 

  91. .PP
    92. 

  92. To view the data that was logged by the kernel to audit use the command
    93. 

  93. \fBaureport \-\-tty\fR\&.
    94. 

  94. .PP
    95. 

  95. The
    96. 

  96. \fB\fIpatterns\fR\fR
    97. 

  97. are comma separated lists of glob patterns or ranges of uids\&. A range is specified as
    98. 

  98. \fImin_uid\fR:\fImax_uid\fR
    99. 

  99. where one of these values can be empty\&. If
    100. 

  100. \fImin_uid\fR
    101. 

  101. is empty only user with the uid
    102. 

  102. \fImax_uid\fR
    103. 

  103. will be matched\&. If
    104. 

  104. \fImax_uid\fR
    105. 

  105. is empty users with the uid greater than or equal to
    106. 

  106. \fImin_uid\fR
    107. 

  107. will be matched\&.
    108. 

  108. .PP
    109. 

  109. Please note that passwords in some circumstances may be logged by TTY auditing even if the
    110. 

  110. \fBlog_passwd\fR
    111. 

  111. is not used\&. For example, all input to an ssh session will be logged \- even if there is a password being typed into some software running at the remote host because only the local TTY state affects the local TTY auditing\&.
    112. 

  112. .SH "EXAMPLES"
    113. 

  113. .PP
    114. 

  114. Audit all administrative actions\&.
    115. 

  115. .sp
    116. 

  116. .if n \{\
    117. 

  117. .RS 4
    118. 

  118. .\}
    119. 

  119. .nf
    120. 

  120. session	required pam_tty_audit\&.so disable=* enable=root
    121. 

  121.       
    122. 

  122. .fi
    123. 

  123. .if n \{\
    124. 

  124. .RE
    125. 

  125. .\}
    126. 

  126. .sp
    127. 

  127. .SH "SEE ALSO"
    128. 

  128. .PP
    129. 

  129. \fBaureport\fR(8),
    130. 

  130. \fBpam.conf\fR(5),
    131. 

  131. \fBpam.d\fR(5),
    132. 

  132. \fBpam\fR(8)
    133. 

  133. .SH "AUTHOR"
    134. 

  134. .PP
    135. 

  135. pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&.
    136.