Re: [Bug-readline] Re: [PATCH] Add support for Linux TTY input auditing
From: Miloslav Trmac
Subject: Re: [Bug-readline] Re: [PATCH] Add support for Linux TTY input auditing
Date: Tue, 8 Feb 2011 11:31:59 -0500 (EST)

Hello,

----- Original Message -----
> On 1/18/11 7:03 AM, Miroslav Lichvar wrote:
> > Hi,
> >
> > was this patch considered for inclusion? Are there any issues that
> > need to be worked on?
>
> Readline is the wrong place for this function. If you're worried about
> what a system administrator does and what commands he runs, the right
> place to add this is in bash.

This was originally intended to be applied primarily to bash, but there are
many other relevant uses of readline.

For example, python(1) uses readline. Recording that the system administrator
started "python" does not contain much relevant information - was the python
input "1+2" or "import os; os.system('rm -rf /var/log')"?

Linux supports recording all administrator's keystrokes, and these can be used
to trace the activity globally - but a keystroke is not the ideal amount of
information, and may still be insufficient e.g. when the readline-maintained
history is used ("What happened when the user typed C-o C-o C-o?"). The
AUDIT_USER_TTY records created by readline would record the information both 1)
in the ideal resolution (one application input at a time), and 2) in the ideal
detail (exactly what input was processed by the application).

Mirek
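
An added illustration of the contrast drawn in the message above (not part of the original post or of the readline patch): a Python sketch that decodes keystroke-level TTY records and per-input USER_TTY records from audit log lines. The record layout and the `data=` encoding (hex, or a quoted string) are assumptions modelled on Linux audit logs, and every sample value is constructed.

```python
import re

# Constructed sample records, not real logs. Field layout is an assumption
# modelled on Linux audit.log lines; the message above shows no record format.
_CMD = "import os; os.system('rm -rf /var/log')"  # input quoted in the message
SAMPLE_LOG = "\n".join([
    'type=TTY msg=audit(1297182719.101:410): tty pid=2101 uid=0 auid=1000 '
    'ses=3 major=136 minor=1 comm="python" data=0F0F0F',  # keystrokes C-o C-o C-o
    'type=USER_TTY msg=audit(1297182719.102:411): pid=2101 uid=0 auid=1000 '
    'ses=3 data=' + _CMD.encode().hex().upper(),  # hex: input contains spaces
    'type=USER_TTY msg=audit(1297182725.440:412): pid=2101 uid=0 auid=1000 '
    'ses=3 data="1+2"',  # quoted: input has no special characters
    'type=SYSCALL msg=audit(1297182726.000:413): arch=c000003e syscall=59',
])

RECORD = re.compile(
    r'^type=(?P<type>TTY|USER_TTY) msg=audit\([\d.]+:\d+\):'
    r'.*?\bauid=(?P<auid>\d+).*?\bdata=(?P<data>\S+)$')

def render(raw):
    """Make raw bytes readable: control bytes in caret notation (0x0f -> ^O)."""
    out = []
    for b in raw:
        if 0x20 <= b < 0x7f:
            out.append(chr(b))
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        else:
            out.append("^?" if b == 0x7f else "\\x%02x" % b)
    return "".join(out)

def parse_tty_records(log_text):
    """Return (record type, audit uid, decoded data) for TTY/USER_TTY lines."""
    events = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # other record types or malformed lines
        field = m["data"]
        if len(field) >= 2 and field[0] == field[-1] == '"':
            text = field[1:-1]
        else:
            try:
                text = render(bytes.fromhex(field))
            except ValueError:
                text = "<undecodable:%s>" % field
        events.append((m["type"], int(m["auid"]), text))
    return events

if __name__ == "__main__":
    for rec_type, auid, text in parse_tty_records(SAMPLE_LOG):
        print("%-8s auid=%d %s" % (rec_type, auid, text))
```

The keystroke record decodes only to `^O^O^O`, while the USER_TTY records carry the exact input the application processed.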