
Re: sudo logging



On Wed, 2009-06-10 at 19:57 -0400, Mag Gam wrote:
> We have many users at my university engineering lab. Some professors
> need commands for root and of other users, so we decided to set up sudo
> permissions. I was wondering if there is a way to log all commands
> when they sudo into an account or root account.


You should only grant the right to execute some specific commands. One
should not be able to use sudo to run a shell as root.
Therefore each command is executed using "sudo something" and each
executed command is logged.

> I would like to even capture key strokes...

Once your users are root, you have to trust them (they can kill whatever
tool you run) but you can check the command "script".

One idea... If you want to log everything that is typed, you could tell your
users to connect to another box, from where they would telnet to the
target box. You can then use a sniffer to log the connection.

BTW, make sure this is legal in your country.

Franklin
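
The reply's point that per-command sudo rules give a per-command log, while a root shell does not, can be checked against the log itself. The following is an added example, not part of the original message: it parses sudo's syslog lines and lists the allowed runs of a shell or su, after which sudo records nothing further. The sample log lines and the shell list are constructed for illustration.

```python
import os
import re

# Constructed sample lines in sudo's syslog format (not from the original thread).
SAMPLE_LOG = """\
Jun 10 20:01:02 lab1 sudo:   alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Jun 10 20:03:41 lab1 sudo:     bob : TTY=pts/4 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun 10 20:05:10 lab1 sudo:   carol : TTY=pts/5 ; PWD=/tmp ; USER=dave ; COMMAND=/usr/bin/make -C /srv/build
Jun 10 20:07:55 lab1 sudo:     bob : TTY=pts/4 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun 10 20:09:12 lab1 sudo:   erin : command not allowed ; TTY=pts/6 ; PWD=/home/erin ; USER=root ; COMMAND=/bin/sh
"""

# "user : [failure reason ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..."
ENTRY = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Assumed list of programs that hand over an interactive session.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}


def parse(log_text):
    """Return one dict per sudo log line; 'allowed' is False when sudo refused the command."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            e = m.groupdict()
            e["allowed"] = e.pop("denied") is None
            entries.append(e)
    return entries


def audit_gaps(entries):
    """Allowed runs of a shell or su: commands typed inside them are not logged by sudo."""
    return [
        (e["user"], e["runas"], e["cmd"])
        for e in entries
        if e["allowed"] and os.path.basename(e["cmd"].split()[0]) in SHELLS
    ]


if __name__ == "__main__":
    for user, runas, cmd in audit_gaps(parse(SAMPLE_LOG)):
        print(f"{user} opened an unlogged session as {runas}: {cmd}")
```
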

