Date: Tue, 18 Dec 2012 19:09:20 -0600 From: Tim Daneliuk <tundra@tundraware.com> To: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Somewhat OT: Is Full Command Logging Possible? Message-ID: <50D113C0.3020607@tundraware.com> In-Reply-To: <20689.4087.859208.619511@gromit.timing.com> References: <50BFD674.8000305@tundraware.com> <CADy1Ce5CCA4ExOok4DndA4C-MazbegZY1OKztCNqUZHGzLJgTA@mail.gmail.com> <50BFDD51.5000100@tundraware.com> <20689.4087.859208.619511@gromit.timing.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/18/2012 06:53 PM, John Hein wrote: > Tim Daneliuk wrote at 17:48 -0600 on Dec 5, 2012: > > On 12/05/2012 05:44 PM, Kurt Buff wrote: > > > On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk <tundra@tundraware.com> wrote: > > >> I am working with an institution that today provides limited privilege > > >> escalation > > >> on their servers via very specific sudo rules. The problem is that the > > >> administrators can do 'sudo su -'. > > > <snip> > > > > > > > > > sudo is misconfigured. > > > > > > man 5 sudoers and man 8 visudo > > > > > > > > > > > > Kurt > > > > > > > I'm sorry Kurt, I'm sort of dense today, I'm not sure what you're > > saying. Are you suggesting that there is a way to configure > > sudo so that if someone does 'sudo su -' to become an admin, > > sudo can be made to log every command they execute thereafter? > > See log_input and log_output in sudoers(5) Thanks so much John, that's the secret sauce I was looking for... -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50D113C0.3020607>