From owner-freebsd-questions@FreeBSD.ORG Wed Dec 5 23:48:47 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3BC503D6 for ; Wed, 5 Dec 2012 23:48:47 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from ozzie.tundraware.com (ozzie.tundraware.com [75.145.138.73]) by mx1.freebsd.org (Postfix) with ESMTP id E84238FC08 for ; Wed, 5 Dec 2012 23:48:46 +0000 (UTC) Received: from [192.168.0.2] (viper.tundraware.com [192.168.0.2]) (authenticated bits=0) by ozzie.tundraware.com (8.14.5/8.14.5) with ESMTP id qB5NmcJm008415 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 5 Dec 2012 17:48:38 -0600 (CST) (envelope-from tundra@tundraware.com) Message-ID: <50BFDD51.5000100@tundraware.com> Date: Wed, 05 Dec 2012 17:48:33 -0600 From: Tim Daneliuk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 CC: FreeBSD Mailing List Subject: Re: Somewhat OT: Is Full Command Logging Possible? References: <50BFD674.8000305@tundraware.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (ozzie.tundraware.com [192.168.0.1]); Wed, 05 Dec 2012 17:48:38 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: qB5NmcJm008415 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Dec 2012 23:48:47 -0000 On 12/05/2012 05:44 PM, Kurt Buff wrote: > On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk wrote: >> I am working with an institution that today provides limited privilege >> escalation >> on their servers via very specific sudo rules. The problem is that the >> administrators can do 'sudo su -'. > > > > sudo is misconfigured. > > man 5 sudoers and man 8 visudo > > > > Kurt > I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're saying. Are you suggesting that there is a way to configure sudo so that if someone does 'sudo su -' to become an admin, sudo can be made to log every command they execute thereafter? -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/