[sudo-users] Aliases

donald.ritchey at exeloncorp.com donald.ritchey at exeloncorp.com
Wed Feb 14 14:37:44 EST 2007


In our environment, we discourage logging in as root at all.  We have
set up sudo as the preferred method of running anything requiring
superuser privileges.  We then log to a secure log server and audit
those logs.  Any login to root is questioned to ensure that the user
could not accomplish the task using sudo.

I am the administrator for about 40 UNIX servers and I can count on the
fingers of one hand the times that I have actually logged in as root in
the last six months.

Make using sudo second nature (and easy) to your system admins and then
audit the log files for users using sudo to become root to avoid the
detailed logging that sudo provides.

Best wishes,

Don Ritchey

-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of
dprice1 at metlife.com
Sent: Wednesday, February 14, 2007 11:20 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Aliases



Our environment has grown tremendously and auditing is clamping down.
As
it currently stands all UNIX Admins log in and "su" to root for
performing
admin tasks.  The shell history files provide limited logging and
auditing.
I would like to set up an alias so that every command entered by the
root
user is automatically aliased to  "sudo ..... {the command entered}"
Therefore everything done by the root user is automatically logged in
the
sudo log.

I've tried this a few ways and I've gotten inconsistent results.

Has anyone done this successfully?

Thank you!!
The information contained in this message may be CONFIDENTIAL and is for
the intended addressee only.  Any unauthorized use, dissemination of the
information, or copying of this message is prohibited.  If you are not
the intended addressee, please notify the sender immediately and delete
this message.
____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

-----------------------------------------
**************************************************
This e-mail and any of its attachments may contain Exelon
Corporation proprietary information, which is privileged,
confidential, or subject to copyright belonging to the Exelon
Corporation family of Companies.
This e-mail is intended solely for the use of the individual or
entity to which it is addressed.  If you are not the intended
recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation
to the contents of and attachments to this e-mail is strictly
prohibited and may be unlawful.  If you have received this e-mail
in error, please notify the sender immediately and permanently
delete the original and any copy of this e-mail and any printout.
Thank You.
**************************************************




More information about the sudo-users mailing list