Nikolai Kondrashov
Could you please describe a situation where this would be useful, and having "required" would break things? I haven't thought this through or researched, was just copying Debian setup, where...
Thank you, @trevor-vaughan. Well, in the case of tlog-rec, at the moment it might result in tlog-rec producing a warning about seeing ASCII, and assuming it's UTF-8, or refusing to...
I think the right fix is for Fedora/RHEL to provide the locale environment via environment variables (as Debian does), instead of relying on the program being started at login to...
I understand your apprehension, but Debian doesn't have a problem with requiring pam_env for root, so I wouldn't either, at least for the time being. I would really like to...
@adm9000-3, your input should be recorded. The problem is that tlog-play cannot play back input, as it cannot interpret it, nor send it somewhere to interpret. It only plays back...
@adm9000-3, unfortunately not. Correctly extracting complete commands from user input would essentially require implementing shell command editing and interpretation functionality, and it would be a similar complexity task for extracting...
To deal with the output being too much, you can use rate limiting in tlog, and either throttle the throughput, or drop the bursty I/O (command editing is normally slow...
@adm9000-3, you can use auditd to log user input on the bastion host, same as tlog. It would just go into the bastion host's audit.log file, in the audit log...
Yes, process execution logging needs to be enabled on the host where processes execute, of course. Regarding the bastion host, I was talking about enabling TTY input logging in auditd,...
The problem here is that then tlog messages would need to be handled differently from all others in the log, because the accurate timing data would be inside the message....