| 1 |
Ahhh! Got it. I should stop using "/bin/su -" and force sudo use |
| 2 |
instead. It sounds more secure, gets what I want, and sounds like best |
| 3 |
practice anyway. Thanks. |
| 4 |
|
| 5 |
-Jason |
| 6 |
|
| 7 |
-----Original Message----- |
| 8 |
From: Dan Noe [mailto:dpn@×××××××××.net] |
| 9 |
Sent: Thursday, June 17, 2004 11:47 AM |
| 10 |
To: gentoo-server@l.g.o |
| 11 |
Subject: Re: [gentoo-server] Root commands > syslog |
| 12 |
|
| 13 |
|
| 14 |
On Thu, Jun 17, 2004 at 08:44:25AM -0700, Jason Qualkenbush wrote: |
| 15 |
> Is there a way to get commands entered by root or even sudo commands |
| 16 |
> into syslog? This way I can use syslog-ng to create a central log |
| 17 |
> file for review or even use swatch to alert on suspicious commands. |
| 18 |
> If the commands end up in the history file, there should be a way to |
| 19 |
> get them into syslog, right? Or is this re-inventing the wheel? |
| 20 |
|
| 21 |
Currently sudo commands are logged, like so: |
| 22 |
|
| 23 |
Jun 17 11:45:31 threepwood sudo: dpn : TTY=pts/1 ; PWD=/home/dpn ; |
| 24 |
USER=roo |
| 25 |
t ; COMMAND=/usr/bin/less /var/log/messages |
| 26 |
|
| 27 |
Remember, however, that uses with certain priveledges can execute sudo |
| 28 |
-s or sudo <shell> and get a shell. In this case, sudo will log |
| 29 |
starting the shell but will not log any commands typed into it. |
| 30 |
|
| 31 |
Dan |
| 32 |
|
| 33 |
-- |
| 34 |
/--------------- - - - - - - |
| 35 |
| Dan Noe, freelance hacker |
| 36 |
| http://isomerica.net/ |
Archives