Some concerns while using Sudo
Sukant_N1 at Verifone.Com
Fri Jun 9 02:17:03 EDT 2000
I am a Unix System Administrator and a newbie to Sudo. I am evaluating the Sudo
utility. I have downloaded, compiled and installed Sudo version 1.6.3p4 on an
HP-UX 11.00 server. It is working fine. This is a really great utility and I would
like to implement it on all my servers in my company.
I have configured the sudo log file as /var/adm/syslog/sudo.log in the
I logged in as an ordinary user and was able to use vi in sudo and then delete
all the entries in the sudo.log file and reduce the size of this file to 0 bytes.
Is it possible to stop this?
My concerns are:
1. How can I stop anybody from deleting my sudo.log file?
2. Also what are the different ways in which the syslog file can be
$ sudo /usr/bin/cat /dev/null > /var/adm/syslog/sudo.log
$ sudo /usr/bin/cp /dev/null /var/adm/syslog/sudo.log
Some snapshot from my server.
# cd /var/adm/syslog
-rw-r--r-- 1 root root 99648 May 19 12:45 OLDsyslog.log
-r--r--r-- 1 root root 27016 May 17 18:38 mail.log
-r-------- 1 root sys 0 Jun 8 19:55 sudo.log
-rw-r--r-- 1 root root 1313103 Jun 9 10:12 syslog.log
Also, I know that I can stop this from happening provided I don't allow the end
users to run the vi, touch or cat commands from sudo by configuring it in the
sudoers file. But I would be more interested to know if there are any more ways
of tampering with the log files, so that I can stop this from happening. Please
suggest some methods for making a secure Sudo installation.
Verifone India Limited
Tel : +91-80-529 8151/2/3/4 Extension 2028
Fax : +91-80-529 9876
Email : Sukant_N1 at verifone.com
Page me at : 271697 at messageindia.com
Seek out that particular mental attribute which makes you feel most deeply and
vitally alive, along with which comes the inner voice which says, "This is the
real me," and when you have found that attitude, follow it. - William James
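
A method-independent check for the log tampering described in the message above, as an added example that is not part of the original post: it flags a sudo log that shrank, was replaced, or had earlier bytes rewritten, whichever command did it. The function names and the sample log entry are constructed for illustration, and the snapshot is assumed to be kept where sudo users cannot write.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record inode, size and SHA-256 of the log as it stands now."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"inode": st.st_ino, "size": st.st_size, "sha256": digest}

def check(path, prev):
    """Compare the log with an earlier snapshot.

    Returns (findings, new_snapshot); an empty findings list means the
    file only grew by appended bytes since the snapshot was taken.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["log file missing"], prev
    findings = []
    if st.st_ino != prev["inode"]:
        findings.append("inode changed (file replaced)")
    if st.st_size < prev["size"]:
        findings.append("size shrank from %d to %d bytes" % (prev["size"], st.st_size))
    else:
        # An append-only log must still start with the bytes seen earlier.
        with open(path, "rb") as f:
            head = f.read(prev["size"])
        if hashlib.sha256(head).hexdigest() != prev["sha256"]:
            findings.append("previously logged bytes were modified")
    return findings, snapshot(path)

if __name__ == "__main__":
    # Constructed sample entry in sudo's log-file layout, written to a temp file.
    log = os.path.join(tempfile.mkdtemp(), "sudo.log")
    with open(log, "w") as f:
        f.write("Jun  8 19:50:01 : user1 : TTY=pts/1 ; PWD=/home/user1 ; "
                "USER=root ; COMMAND=/usr/bin/vi /etc/hosts\n")
    base = snapshot(log)
    open(log, "w").close()            # same effect as copying /dev/null over it
    print(check(log, base)[0])
```

Legitimate log rotation also changes the inode and size, so take a fresh snapshot right after each rotation.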