SUMMARY: Different log files in sudo?

Salum, Felipe felipe.salum at eds.com
Wed Dec 26 13:13:08 EST 2001


Hi people.

I was reading some Sun documents and I found the way to log root commands
after the user changed to root by "sudo su -" or just "su -" with the root
password.

To summarize my problem, I needed to log all the commands that the users typed
with admin privileges. The solution is to use SUDO, so the admin users do not
need to know the root password, by using the "sudo su -" command, and to log what
they did after this command I have tested BSM (Basic Security Module), which
comes with the Solaris operating system.

You can get more information on how to set this up in the URLs above:

http://www.sun.com/blueprints/0201/audit_config.pdf
http://www.securityfocus.com/infocus/1362


BSM is really cool :)

Thanks to all.

Felipe Salum, SCSA
Security and Systems Administration
EDS Brazil


-----Original Message-----
From: George Meharry II [mailto:gmeharry at yahoo.com]
Sent: Friday, December 14, 2001 11:13 AM
To: sudo-users at sudo.ws
Subject: Fwd: Different log files in sudo?


Felipe,

The problem you are presenting is one of culture -
that is the culture of UNIX administration. The law
MUST be laid down such that:

"thou shall not do 'sudo su -' nor shall thou do 'sudo
-s'!"

Now it's always been a cop-out of a UNIX admin that "I
can't do such-and-such command using sudo" etc. This
is because the UNIX admin has gotten complacent in
their usage/knowledge of UNIX regular expression.
There's ALWAYS a way to do ANY command via sudo so it
gets logged! You've just got to change the culture.
Make it an ISO requirement! In doing so, it is now a
"business rule" and there are now penalties for not
following the ISO documentation ...

and so on, and so on ... It won't be an easy task, but
it is one worth pursuing!

FWIW, take with a grain of salt.

The soapbox has been back to the masses .. :-)

Note: forwarded message attached.

