0

What audit rule needs to be added to get USER_TTY record logged?

Whether it will record all the executed commands under msg field?

Improve this question

1 Answer 1

Reset to default
0

Enable pam_tty_audit, by placing this line in your /etc/pam.d/ files:

session required pam_tty_audit.so disable=bounce enable=root
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.