[sudo-users] centralized iolog deployment

konrad rzentarzewski konrad.rzentarzewski at artegence.com
Thu Mar 29 10:19:57 EDT 2012 

On Thu, Mar 29, 2012 at 09:00:54AM -0500, Patrick Spinler wrote:

> It's not yet clear to me that structured data (e.g. JSON) beyond the
> binary format already used would be useful here.  Nor is it clear to me
> how one would include e.g. JSON into a syslog stream.

structured data biggest advantage is its structure, ie. you can send it
(pull/push) with whatever tools best suite your infrastructure (for some
it will be rsyslog, for some it might be simple php webapi) and
deserialize on receiver. so, instead of piping 5 different unrelated
files you get a complete stream of messages (indexed, with required
metadata, like keypress timestamps, encoding information, terminal width
and height and such) that is easy to trasfer, resemble and archive.

for json in syslog, please see proposed CEE format (codename
lumberjack).

> I posted a suggested implementation back in this message:
> http://www.sudo.ws/pipermail/sudo-users/2011-September/004800.html which
> I'd be willing to work on.  I'd not heard any response though, so have
> held off on attempting to cut any actual code.
> 
> Might you be willing to contrast your ideas to that proposal, and
> suggest where your ideas have the advantage, and/or disadvantage?

i see the biggest problem with plugin infrastructure in sudo in fact
that they need to be written in C, and there are not many sysadmins
which are programming in C (the reverse works as well: there are not
many coders interested in systems administration and security).

so, basically my proposal is a standardized format for iolog,
materialized as a plugin, which can be then consumed by external
processes (fed by pipe or network socket). the same may apply to 
policy plugin - a simple api (might be sasl-compatible) which provides
needed authentication information to sudo from external sources.

-- 
 konrad rzentarzewski - Senior SA, Artegence sp. z o.o.
 Office: +48.223801313  NOC: +48.222010500  ARTE42-RIPE
 Ten mail nie stanowi pisma i zamówienia handlowego wg.
 Kodeksu spółek handlowych (Dz.U. 2000 nr 94 poz. 1037)

<legal_blurb>
Spółka wpisana do rejestru przedsiębiorców prowadzonego przez Sąd Rejonowy
dla m.st. Warszawy Wydział XIII Gospodarczy Krajowego Rejestru Sądowego pod
numerem KRS 0000066610
NIP: 521-30-18-541
wysokość kapitału zakładowego: 51 500,00 PLN
</legal_blurb>

More information about the sudo-users mailing list