Displaying 3 results from an estimated 3 matches for "pam_tty_audit".
2015 Jan 09
1
Asterisk executable suddenly about 40KB larger - modules (Andres)
...utting an audit rule on the binary. Something like
this:
>auditctl -w /usr/sbin/asterisk -p war -k asterisk-bin
>then you can get a report on who modified it and when by using:
>ausearch -f /usr/sbin/asterisk
>Its a start, but eventually you might need to monitor even keystrokes with
pam_tty_audit.so to understand who is doing this:
>http://poorlydocumented.com/2014/05/enabling-pam_tty_audit-on-rhel-centos-o
r-scientific-linux/
Thanks I'll keep that in mind.
Just to report back, stopping pre-linking as detailed yesterday and setting
immutable with chattr on the Asterisk executable o...
2015 Jan 08
1
Asterisk executable suddenly about 40KB larger - modules
Hi guys
Thanks for the pointers - I'll look into the possible compromise scenario
though I've got no idea how I'll counter it -if- I manage to detect it...!
I've disabled prelinking (thanks Tony!) and I'll see if that helps.
Interesting thing I've now discovered (had this failure again at the head
office this morning) is the "growth" in the file's size is
2018 Aug 07
2
id <username> - doesnt list all groups
Thank for your answer:
But i dont know understand why is following not working:
I want to restrict the ssh access for a special domain member:
In my "sshd_config" i added:
AllowGroups restrictaccess root
With user2 im able to login via ssh!
log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE
With user1 im not!
log: User user1 from 192.168.0.100 not allowed