[sudo-blog] Looking inside sudo shell sessions: auditd, session recordings, log_subcmds
Todd C. Miller
Todd.Miller at sudo.ws
Wed Jun 1 06:07:08 MDT 2022
There are situations where you cannot avoid giving a user full shell
access through sudo. A shell with administrative privileges gives
complete control over your hosts. Until recently, sudo could only
log the start of the shell, not the commands executed within it.
You could record sessions with sudo, but watching recordings is
boring, time-consuming and can still be subverted. Version 1.9.8
introduced logging of sub-commands, but that is not yet available
on many systems. ...
Read the full blog post at
https://www.sudo.ws/posts/2022/05/looking-inside-sudo-shell-sessions-auditd-session-recordings-log_subcmds/