dhanks at gmail.com
Fri Sep 17 18:51:35 EDT 2004
I've written a new program similar to sudoscript. I call it sudosh.
It's a root shell that can be used with sudo and still retain an audit
trail through syslog.
I liked sudoscript's idea, but the implementation was incorrect and it
was limited to certain operating systems.
My current release is pending approval on sf.net and freashmeat.net.
It's compatible with AIX, Solaris, BSD, HP-UX and Linux.
The only requirement is a recent version of > Perl 5.6.
Basically sudosh creates a secure fifo and spawns script(5) using that
fifo. Then sudosh calls a personal daemon sudoshd which reads that
fifo and handles all the parsing and logs the session to syslog.
sudosh also comes with utilities to view sudosh sessions and you can
also drill down deeper to view the actual session output. sudosh
supports multiple concurrent users without accurate audit logging.
- Doug Hanks = dhanks(at)gmail(dot)com
More information about the sudo-workers