Best way to log sudo group
Harry Hoffman
hhoffman at ip-solutions.net
Fri Jul 5 13:51:47 UTC 2013
Hi Prashant,
By allowing a user to run any command you open up the potential for them to either su to root or run a shell as root.
Either way sudo will no longer be invoked if they do that and you won't have sudo logs of what actions took place.
A couple of things you can do. Specify what commands they can run via sudo (e.g. /sbin/ifconfig, /bin/rm, ...) so that each command gets logged. Or install something like sudosh and allow them to run that command. This essentially writes out their shell history to a filed based upon their uid and timestamp.
Hope this helps.
Cheers,
Harry
Prashant Singh <prash4321 at yahoo.co.in> wrote:
>Dear All,
>
>What is the best way to give root priviliges and also log thier activity logs. What I did was I have created a user added to group assigned admin rights to the group using entry:-
>
>%group_name ALL = ALL ALL
>
>It works but first time it asks password and it also logs that and after that it dose'nt ask for password and works without giving sudo command
>
>In the next senario it asks for sudo before any command and logs it without sudo asking for password
>
>I need to work it like it asks for password first time with sudo <Command> and then dont need sudo to be added before a command and also logs it.
>
>we use mostly Fedora 15 and CentOS 6.0 up versions on servers.
>
>
>
>Thanks & Regards
>Prashant Singh Genda
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list