Re: sudo



EIDW Spotter wrote:
Is there any way to track exactly what a user does once they use sudo? I
know about the sudolog, is there another way as this just lists sudo su -
commands.

If you want to consider a commercial alternative, including full
keystroke logging capabilities, you may want to have a look at
PowerBroker. Sort of sudo on steroids for $$($):
http://www.symark.com/powerbroker.htm

Of course, even with PowerBroker, if one does or allows something
sufficiently insecure, the keystroke logging can be bypassed, e.g.:
$ pbrun xterm
or equivalent thereof (last I was aware, PowerBroker doesn't log X11
events, including their keystrokes).

But as with sudo, at least you'll know someone ran a command which
doesn't allow full logging of precisely what was done with the command
executed.
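
Added example, not part of the original post and not code from sudo or PowerBroker: a Python script that scans sudo's syslog-style entries and flags the commands after which nothing further is recorded, which is the "at least you'll know" case the reply describes. The log lines are constructed, and the `OPAQUE` list of shells and terminal emulators is an assumption to adapt per site.

```python
import os
import re

# sudo's syslog-style entry:
#   "<user> : TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<path and args>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ;.*? COMMAND=(?P<cmd>.+)$"
)

# Assumption: programs that hand the user an interactive session, so whatever
# is typed afterwards never reaches the sudo log. Extend for your site.
OPAQUE = {"su", "sh", "bash", "ksh", "csh", "tcsh", "zsh", "xterm"}


def parse(line):
    """Return (user, runas, command) for a sudo command entry, else None."""
    m = SUDO_RE.search(line)
    return (m["user"], m["runas"], m["cmd"].strip()) if m else None


def opaque_sessions(lines):
    """Return the entries whose command opens a session sudo cannot see into."""
    hits = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue  # not a sudo command entry (other daemon, auth message)
        argv = entry[2].split()
        if os.path.basename(argv[0]) in OPAQUE:
            hits.append(entry)
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
Mar  3 09:14:02 host1 sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Mar  3 09:20:41 host1 sudo:      bob : TTY=pts/4 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tail -n 50 /var/log/messages
Mar  3 09:31:17 host1 sudo:    carol : TTY=pts/5 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/xterm
Mar  3 09:40:00 host1 sshd[811]: Accepted publickey for dave from 192.0.2.10 port 50022 ssh2
""".splitlines()

if __name__ == "__main__":
    for user, runas, cmd in opaque_sessions(SAMPLE_LOG):
        print(f"{user} -> {runas}: {cmd} (later activity is not in the sudo log)")
```
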
