pam_tty_audit
logs TTY keystrokes
TLDR
Enable TTY auditing
$ session required pam_tty_audit.so enable=*
Audit specific users$ session required pam_tty_audit.so enable=admin,root
Disable for users$ session required pam_tty_audit.so disable=service_account
SYNOPSIS
pam_tty_audit.so [options]
DESCRIPTION
pam_tty_audit logs TTY keystrokes. Enables session auditing.
The module records terminal input. Requires audit daemon.
PARAMETERS
enable=USERS
Enable auditing for users.disable=USERS
Disable auditing for users.open_only
Audit session open only.log_password
Include password typing.
CAVEATS
Requires auditd. Privacy implications. May log sensitive data.
HISTORY
pamttyaudit provides keystroke auditing for compliance requirements.