In the ex415 v9 labs, section 6.7 there's a task to enable full terminal logging with pam_tty_audit module. To achieve this authselect is used as follows:
authselect create-profile minimal-with-tty-audit \
-b minimal --symlink-meta --symlink-pamecho "session required pam_tty_audit.so disable=student enable=devops log_passwd" \
>> /etc/authselect/custom/minimal-with-tty-audit/system-auth I've the problem that the custom profile has been created with symlik options that are then edited. This means that the actual templates from /usr/share/authselect/* are being updated. This results in two major problems
a) next patch/update (or reinstall) of authselect-libs will wipe this change out
b) this will affect all other profiles
To avoid this I'd avoid using --symlink* options and have these files in custom location (location of custom profile), edit that and apply profile.
Am I missing something here?
