Fwd: How to track down which commands sudoers set up?



whoops! sorry peter

sent to list proper this time. [vagaries of gmail]


---------- Forwarded message ----------
From: Stuart Howard <stuart.g.howard@xxxxxxxxx>
Date: 14-Jun-2006 12:38
Subject: Re: How to track down which commands sudoers set up?
To: Peter Morgan <peterjmorgan@xxxxxxxxx>


I believe that sudo can be configured to limit the extent to which the
proviledge is used, in other words you could probably set it up to
allow your users to do what they need but not to delete their tracks
eg. bash_history.or rm /var/log/*
I cant say I have done this myself but I did read man sudo a while
back and such things seemed possible.

stu

ps. If you know what specific authoirty you wish to grant rather than
all except xxx it may be easier to so this.

On 13/06/06, Peter Morgan <peterjmorgan@xxxxxxxxx> wrote:
Are you referring to the commands issued by a user with SUDO
privileges, or someone that issued the su command to change from the
current user to a UID of 0 (root)?

In the first case, (on my Ubuntu Dapper system) you can look in the
auth.log, it will list what command the user issued through sudo. If
you can't find the logfile, try this:

bash-$ grep -ilr sudo /var/log

and that should find what file on your system houses the logs for sudo.

In the second case, I do not believe there exists a default facility
in linux to track what commands a user issued when having su'ed to
root. The best you could do is copy the shell history file from /root
and analyze what is left of that. If the user was doing something
malicious (or something they didn't want logged) they likely would
have erased those entries in the shell history file.

Hope this helps,

Peter

On 6/13/06, Jannis Kafkoulas <kajannis@xxxxxx> wrote:
> Hello,
>
> I'd like to find out what exactly any user did after they turned to superuser
> and when exactly each cmd was processed (in a Linux box).
>
> Can someone help me managing this?
>
> Many thanks
>
> Jannis
> ______________________________________________________________
> Verschicken Sie romantische, coole und witzige Bilder per SMS!
> Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
>
>



--
"There are 10 types of people in this world: those who understand
binary, those who don't"

--Unknown


--
"There are 10 types of people in this world: those who understand
binary, those who don't"

--Unknown



Relevant Pages

  • Re: [kde-linux] KDE 4 and monitor powering off.
    ... I changed it so that it would run as root since I have to ... I have sudo configured so my normal user has very limited access (some ... commands, with specific parameters. ... The admin user has full passwordless access to do everything root could ...
    (KDE)
  • Re: trouble compiling Midnight Commander
    ... to get the file manager Midnight Commander running on my Mac Pro. ... first tried the Fink version, but that was essentially useless, so now ... sudo commands. ... I issued 'sudo make install' as the last of the commands listed ...
    (comp.sys.mac.apps)
  • Re: Dumb question of the week.
    ... me a blood-red prompt. ... I think that 'root' commands must work without surprises like aliases ... My su and sudo work as defined in the man pages, ... which asks for the root password and then, ...
    (alt.os.linux.suse)
  • [opensuse] sudo, and useradd
    ... I am trying to setup sudo rights on a specific user ... # create group LIMITEDTRUST with user test as a member ... the commands listed in cmnd alias PROGRAMS ... The views expressed in this e-mail are the views of the individual sender and should in no way be construed as the views of the Company. ...
    (SuSE)