Re: sudo logging
I though there was already a tool which integrates sudo and script.
This is the combination I was looking for.
On Thu, Jun 11, 2009 at 2:02 AM, Frank Lin PIAT<email@example.com> wrote:
> On Wed, 2009-06-10 at 19:57 -0400, Mag Gam wrote:
>> We have many users at my university engineering lab. Some professors
>> need commands for root and of other users, so we decided to setup sudo
>> permissions. I was wondering if there is a way to log all commands
>> when they sudo into an account or root account.
> You should only grant the right to execute some specific commands. One
> should not be able to use sudo to run a shell as root.
> Therefore each command is execute using "sudo something" and each
> executed command is logged.
>> I would like to even capture key strokes...
> Once your users are root, you have to trust them (they can kill whatever
> tool you run) but you can check the command "script".
> One idea... If you want to log all what is typed, you could tell your
> users to connect to another box, from where they would telnet to the
> target box. You can then use a sniffer to log the connection.
> BTW, make sure this is legal in your country.