Re: sudo logging

To: Frank Lin PIAT <fpiat@klabs.be>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: sudo logging
From: Mag Gam <magawake@gmail.com>
Date: Thu, 11 Jun 2009 07:08:29 -0400
Message-id: <[🔎] 1cbd6f830906110408j387af4bcq919d6d15bd5b9a63@mail.gmail.com>
In-reply-to: <[🔎] 1244700159.19081.10438.camel@solid.paris.klabs.be>
References: <[🔎] 1cbd6f830906101657q8212a84r609d8577ef6b5ed@mail.gmail.com> <[🔎] 1244700159.19081.10438.camel@solid.paris.klabs.be>

I though there was already a tool which integrates sudo and script.
This is the combination I was looking for.



On Thu, Jun 11, 2009 at 2:02 AM, Frank Lin PIAT<fpiat@klabs.be> wrote:
> On Wed, 2009-06-10 at 19:57 -0400, Mag Gam wrote:
>> We have many users at my university engineering lab. Some professors
>> need commands for root and of other users, so we decided to setup sudo
>> permissions. I was wondering if there is a way to log all commands
>> when they sudo into an account or root account.
>
>
> You should only grant the right to execute some specific commands. One
> should not be able to use sudo to run a shell as root.
> Therefore each command is execute using "sudo something" and each
> executed command is logged.
>
>> I would like to even capture key strokes...
>
> Once your users are root, you have to trust them (they can kill whatever
> tool you run) but you can check the command "script".
>
> One idea... If you want to log all what is typed, you could tell your
> users to connect to another box, from where they would telnet to the
> target box. You can then use a sniffer to log the connection.
>
> BTW, make sure this is legal in your country.
>
> Franklin
>
>

Reply to:

References:
- sudo logging
  - From: Mag Gam <magawake@gmail.com>
- Re: sudo logging
  - From: Frank Lin PIAT <fpiat@klabs.be>

Prev by Date: Web Design & Development /SEO Services
Next by Date: Properly installed info
Previous by thread: Re: sudo logging
Next by thread: wrong permission?
Index(es):
- Date
- Thread