Re: sudo

From: "Michael Paoli" <michael1cat@xxxxxxxxx>
Date: 1 Mar 2006 07:59:45 -0800

EIDW Spotter wrote:

Is there anyway to track exactely what a user does once they use sudo? I
know about the sudolog, is there an other way as this just list sudo su -
commands.

If you want to consider a commercial alternative, including full
keystroke logging capabilities, you may want to have a look at
PowerBroker. Sort of sudo on steroids for $$($):
http://www.symark.com/powerbroker.htm

Of course, even with PowerBroker, if one does or allows something
sufficiently insecure, the keystroke logging can be bypassed, e.g.:
$ pbrun xterm
or equivalent thereof (last I was aware, PowerBroker doesn't log X11
events, including their keystrokes).

But as with sudo, at least you'll know someone ran a command which
doesn't allow full logging of precisely what was done with the command
executed.

.

Prev by Date: Re: Connect direct...
Next by Date: Re: do we need to change the UNIX coding
Previous by thread: Re: Connect direct...
Next by thread: Re: do we need to change the UNIX coding
Index(es):
- Date
- Thread

Relevant Pages

Re: [kde] su identification
... assumes that you wish to invoke the root account and will demand Root ... A user may ONLY sudo as allowed in the /etc/sudoers ... allowing a command with any parameters ... This config allows my normal user to do whatever he'd normally be able to ...
(KDE)
Re: Apple recommending anti-virus software for Macs?
... > To be ultra-safe with the 'rm' command, ... Not a bad idea for root, It would drive me nuts in my user account. ... downloads directory and executing it. ... That I type an EOF is a trivial difference versus 'sudo' exiting ...
(comp.sys.mac.system)
Re: Sudo
... >> in as adminB, then the system sees adminB on the ... >> If userA is not in sudoers, ... >> The sudo command itself only works for that command. ...
(alt.linux)
Re: any way to track commands of a user logged in through ssh
... applies _to that command only_. ... the command they want to run with 'sudo', ... I use/run a Shell command that requires 'root' privileges...Especially ... So what do you think about creating a separate 'group' for certain ...
(comp.os.linux.misc)
[UNIX] Sudo Race Condition Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A race condition with the Sudo command pathname handling allows a local ... When a user runs a command via Sudo, the inode and device numbers of the ... listed in the sudoers file is stored in the variable safe_cmnd, ...
(Securiteam)