Some concerns while using Sudo

Sukant Naik Sukant_N1 at Verifone.Com
Fri Jun 9 02:17:03 EDT 2000

Hi All,

I am a Unix System Administrator and a newbie to Sudo. I am evaluating the Sudo
utility. I have downloaded, compiled and installed Sudo version 1.6.3p4 on an
HP-UX 11.00 server. It is working fine. This is a really great utility and I would
like to implement it on all the servers in my company.

I have configured the sudo log file as /var/adm/syslog/sudo.log in the
/etc/syslog.conf file.  

I logged in as ordinary user and was able to use vi in sudo and then delete the
entire entries in the sudo.log file and make the size as 0 bytes for this file.
Is it possible to stop this ?

My concerns are :

1.	How can I stop anybody from deleting my sudo.log file?
2.	Also, what are the different ways in which the syslog file can be
	tampered with, like
	$ sudo /usr/bin/cat /dev/null > /var/adm/syslog/sudo.log
	$ sudo /usr/bin/cp /dev/null /var/adm/syslog/sudo.log

Some snapshot from my server. 
# cd /var/adm/syslog
# ll
total 3182
-rw-r--r--   1 root       root         99648 May 19 12:45 OLDsyslog.log
-r--r--r--   1 root       root         27016 May 17 18:38 mail.log
-r--------   1 root       sys              0 Jun  8 19:55 sudo.log
-rw-r--r--   1 root       root       1313103 Jun  9 10:12 syslog.log

Also, I know that I can stop this from happening provided I don't allow the end
users to run the vi, touch or cat commands from sudo by configuring it in the
sudoers file. But I would be more interested to know if there are any more ways
of tampering with the log files, so that I can stop this from happening. Please
suggest some methods for making a secure Sudo installation.


Sukant Naik
Verifone India Limited
Tel : +91-80-529 8151/2/3/4 Extension 2028
Fax : +91-80-529 9876
Email : Sukant_N1 at
Page me at : 271697 at
Seek out that particular mental attribute which makes you feel most deeply and
vitally alive, along with which comes the inner voice which says, "This is the
real me," and when you have found that attitude, follow it. - William James
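
An added example, not part of the original post or of sudo itself: a simplified sudoers audit that lists which users hold rules able to overwrite a root-owned file such as sudo.log. It handles only one-line rules and Cmnd_Alias definitions; the WRITERS list and the sample sudoers text are constructed assumptions.

```python
import re

# Basenames that can overwrite or truncate an arbitrary file when run as root.
# Assumed list for this example: the commands named in the post (vi, cp, touch)
# plus shells and common file utilities. cat is omitted because it only reads;
# in `sudo cat x > file` the redirection is done by the caller's own shell.
WRITERS = {"vi", "vim", "ex", "ed", "cp", "mv", "rm", "touch", "tee", "dd",
           "sh", "ksh", "csh", "bash"}

# Constructed sample sudoers content (not taken from the poster's server).
SAMPLE = """\
Cmnd_Alias EDITORS = /usr/bin/vi, /usr/bin/ed
Cmnd_Alias PRINT = /usr/bin/lp, /usr/bin/lpstat
alice ALL = EDITORS, /usr/bin/cat
bob   ALL = PRINT
carol ALL = (root) /usr/bin/cp, /usr/sbin/swapinfo
dave  ALL = ALL
"""

def risky_entries(sudoers_text):
    """Return {user: [commands]} for rules that could modify a root-owned log."""
    aliases, findings = {}, {}
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line or "=" not in line:
            continue
        left, right = (part.strip() for part in line.split("=", 1))
        words = left.split()
        if len(words) < 2:
            continue                                      # malformed line
        if words[0] == "Cmnd_Alias":
            aliases[words[1]] = [c.strip() for c in right.split(",")]
            continue
        if words[0].endswith("_Alias") or words[0].startswith("Defaults"):
            continue                                      # not a user rule
        right = re.sub(r"\([^)]*\)", "", right)           # drop (runas) lists
        right = re.sub(r"\b(NO)?PASSWD:", "", right)      # drop password tags
        for spec in (s.strip() for s in right.split(",")):
            for cmd in aliases.get(spec, [spec]):         # expand one alias level
                if not cmd or cmd.startswith("!"):
                    continue                              # skip negated entries
                name = cmd.split()[0].rsplit("/", 1)[-1]
                if cmd == "ALL" or name in WRITERS:
                    findings.setdefault(words[0], []).append(cmd)
    return findings

if __name__ == "__main__":
    for user, cmds in risky_entries(SAMPLE).items():
        print(f"{user}: {', '.join(cmds)}")
```

Every user it reports can rewrite any file root can, so a log kept only on the same host cannot be trusted against those users.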

More information about the sudo-workers mailing list