View Issue Details

IDProjectCategoryView StatusLast Update
0017822CentOS-8pampublic2020-10-30 11:33
Reporterjeburkes76 Assigned To 
Status newResolutionopen 
Product Version8.2.2004 
Summary0017822: does not function in 8.2.2004 or 8.1.1911
DescriptionBrand new installation of CentOS 8.2.2004/8.1.1911, and modified password-auth, system-auth, and sshd in pam.d to include session required enable=*. Example pam.d\sshd config below:

auth substack password-auth
auth include postlogin
account required
account required
account include password-auth
password include password-auth
# close should be the first session rule
session required close
session required
session required enable=*
# open should only be followed by sessions to be executed in the user context
session required open env_params
session required
session optional force revoke
session optional
session include password-auth
session include postlogin

If I log in with my account, sudo over to root, and execute command line options such as ls, top, cd /, etc. I DO NOT get entries in the audit.log with type=USER_TTY. NOTE: I have this running and tested on a new CentOS 7.8 installation as well on production systems.
Steps To Reproduce- Build new CentOS 8.X system
- Modify sshd, password-auth, system-auth in pam.d
- Create local user with sudo access
- SSH into system with local user, switch to root
- Run commands
- ausearch -m "USER_TTY", result no matches
- ausearch -m "TTY", matches with raw command line logging data

Do the same as above with CentOS 7, USER_TTY will have results.
Additional Information


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-10-30 11:33 jeburkes76 New Issue
2020-10-30 11:33 jeburkes76 Tag Attached: pam