pam_tty_audit(8) [centos man page]

PAM_TTY_AUDIT(8)						 Linux-PAM Manual						  PAM_TTY_AUDIT(8)

NAME
       pam_tty_audit - Enable or disable TTY auditing for specified users

SYNOPSIS
       pam_tty_audit.so [disable=patterns] [enable=patterns]

DESCRIPTION
       The pam_tty_audit PAM module is used to enable or disable TTY auditing. By default, the kernel does not audit input on any TTY.

OPTIONS
       disable=patterns
           For each user matching one of comma-separated glob patterns, disable TTY auditing. This overrides any previous enable option matching the same user name on the command line.

       enable=patterns
           For each user matching one of comma-separated glob patterns, enable TTY auditing. This overrides any previous disable option matching the same user name on the command line.

       open_only
           Set the TTY audit flag when opening the session, but do not restore it when closing the session. Using this option is necessary for some services that don't fork() to run the authenticated session, such as sudo.

       log_passwd
           Log keystrokes when ECHO mode is off but ICANON mode is active. This is the mode in which the tty is placed during password entry. By default, passwords are not logged. This option may not be available on older kernels (3.9?).

MODULE TYPES PROVIDED
       Only the session type is supported.

RETURN VALUES
       PAM_SESSION_ERR
           Error reading or modifying the TTY audit flag. See the system log for more details.

       PAM_SUCCESS
           Success.

NOTES
       When TTY auditing is enabled, it is inherited by all processes started by that user. In particular, daemons restarted by a user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled. Therefore, it is recommended to use disable=* as the first option for most daemons using PAM.

       To view the data that was logged by the kernel to audit use the command aureport --tty.

EXAMPLES
       Audit all administrative actions.

           session required pam_tty_audit.so disable=* enable=root

SEE ALSO
       aureport(8), pam.conf(5), pam.d(5), pam(8)

AUTHOR
       pam_tty_audit was written by Miloslav Trmač <mitr@redhat.com>. The log_passwd option was added by Richard Guy Briggs <rgb@redhat.com>.

Linux-PAM Manual 09/04/2013 PAM_TTY_AUDIT(8)
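The following Python sketch is an added example, not part of the Linux-PAM manual or its source. It resolves which users a pam_tty_audit line audits under the "later option overrides earlier" rule and flags the settings the OPTIONS and NOTES sections call out. The helper names, the NO_FORK_SERVICES set, the "inherit" result for a user matched by no pattern, and the sample lines are assumptions; lines are expected in /etc/pam.d format (type first).

```python
import fnmatch

MODULE = "pam_tty_audit.so"
NO_FORK_SERVICES = {"sudo"}  # assumption: extend per host; the page names only sudo

def module_args(line):
    """Return (module type, args) for a pam_tty_audit line, else None."""
    tokens = line.split("#", 1)[0].split()
    for i, tok in enumerate(tokens):
        if tok.rsplit("/", 1)[-1] == MODULE:
            return tokens[0].lstrip("-"), tokens[i + 1:]
    return None

def decision(args, user):
    """Walk options left to right; the last pattern matching the user wins."""
    result = "inherit"  # assumption: no match leaves the inherited flag as is
    for arg in args:
        key, _, patterns = arg.partition("=")
        if key in ("enable", "disable") and any(
                fnmatch.fnmatchcase(user, p) for p in patterns.split(",")):
            result = key
    return result

def review(service, line, users):
    """Return ({user: decision}, [findings]) or None if the module is absent."""
    parsed = module_args(line)
    if parsed is None:
        return None
    mtype, args = parsed
    findings = []
    if mtype != "session":
        findings.append("only the session type is supported")
    if "log_passwd" in args:
        findings.append("log_passwd set: typed passwords reach the audit log")
    if service in NO_FORK_SERVICES and "open_only" not in args:
        findings.append("open_only missing for a service that does not fork()")
    toggles = [a for a in args if a.startswith(("enable=", "disable="))]
    if toggles[:1] != ["disable=*"]:
        findings.append("disable=* is not the first option")
    return {u: decision(args, u) for u in users}, findings

# Constructed /etc/pam.d lines for illustration, not taken from a real host.
SAMPLE = {
    "sshd": "session required pam_tty_audit.so disable=* enable=root",
    "sudo": "session required pam_tty_audit.so enable=* disable=svc_* log_passwd",
}

if __name__ == "__main__":
    for service, line in SAMPLE.items():
        print(service, review(service, line, ["root", "alice", "svc_backup"]))
```

The constructed sshd line resolves to auditing root only and raises no findings; the constructed sudo line audits every user except svc_* accounts and raises three findings.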

PAM_LIMITS(8)							 Linux-PAM Manual						     PAM_LIMITS(8)

NAME
       pam_limits - PAM module to limit resources

SYNOPSIS
       pam_limits.so [change_uid] [conf=/path/to/limits.conf] [debug] [utmp_early] [noaudit]

DESCRIPTION
       The pam_limits PAM module sets limits on the system resources that can be obtained in a user-session. Users of uid=0 are affected by these limits, too.

       By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed.

       The module must not be called by a multithreaded application.

       If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions.

OPTIONS
       change_uid
           Change real uid to the user for whom the limits are set up. Use this option if you have problems like login not forking a shell for a user who has no processes. Be warned that something else may break when you do this.

       conf=/path/to/limits.conf
           Indicate an alternative limits.conf style configuration file to override the default.

       debug
           Print debug information.

       utmp_early
           Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system-wide consistency with a single limits.conf file.

       noaudit
           Do not report exceeded maximum logins count to the audit subsystem.

MODULE TYPES PROVIDED
       Only the session module type is provided.

RETURN VALUES
       PAM_ABORT
           Cannot get current limits.

       PAM_IGNORE
           No limits found for this user.

       PAM_PERM_DENIED
           New limits could not be set.

       PAM_SERVICE_ERR
           Cannot read config file.

       PAM_SESSION_ERR
           Error recovering account name.

       PAM_SUCCESS
           Limits were changed.

       PAM_USER_UNKNOWN
           The user is not known to the system.

FILES
       /etc/security/limits.conf
           Default configuration file

EXAMPLES
       For the services that need resource limits (login for example), put the following line in /etc/pam.d/login as the last line for that service (usually after the pam_unix session line):

           #%PAM-1.0
           #
           # Resource limits imposed on login sessions via pam_limits
           #
           session  required  pam_limits.so

       Replace "login" with each service for which you are using this module.

SEE ALSO
       limits.conf(5), pam.d(5), pam(7).

AUTHORS
       pam_limits was initially written by Cristian Gafton <gafton@redhat.com>

Linux-PAM Manual 06/04/2011 PAM_LIMITS(8)