[sudo-blog] Sudo 1.9: using the new Audit API from Python

Todd C. Miller Todd.Miller at sudo.ws
Wed Jun 24 06:24:33 MDT 2020


Version 1.9 of sudo introduced a new API to access audit information.
This is not a user-visible feature. In other words, you cannot use
it directly from the sudoers file. It is an API, meaning that you
can access audit information from plugins, including ones written
in Python. You can use it in many different ways, such as sending
events from sudo directly to Elasticsearch or LaaS when something
interesting happens. You can also use it for debugging, printing
otherwise difficult-to-access information to the screen in whatever
format you like. ...

Read the full blog post at
https://blog.sudo.ws/posts/2020/06/sudo-1.9-using-the-new-audit-api-from-python/

