
Re: Sudo

 
Davis Paul
Valued Contributor

Sudo

Hi,
How can I monitor each and all commands from all users using sudo? Now I can do only sudo commands.
Regards,
Davis Paul.

5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Sudo

Shalom,

sudo itself limits which normally root-only commands the user can execute.

If you do not have root access you cannot monitor other users' sudo activity.

If you have root access you can monitor the users' keyboard logs, usually .sh_history in the user's home directory. To be sure, see what HISTFILE says in the user's .profile file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dennis Handly
Acclaimed Contributor

Re: Sudo

You need to be a little clearer. Did you mean:
1) ... from all users, using sudo
2) ... from all users that just happen to use sudo

Do you want to monitor ALL commands, whether sudo or not?
Davis Paul
Valued Contributor

Re: Sudo

Hi,
I have a sudo log file in /var/run/sudo/sudo.log. From here I can get the commands which I have given in /opt/iexpress/sudo/etc/sudoers for particular users. In this log file I am getting only commands which start with the word 'sudo'. I want to make an entry for all commands even if they do not start with 'sudo'. Also, how can I make a log entry in /var/run/sudo/sudo.log for an ordinary user who has no special privileges in /opt/iexpress/sudo/etc/sudoers?
Matti_Kurkela
Honored Contributor

Re: Sudo

You might try "sudosh", a program to extend the logging capabilities of the regular sudo.
http://sourceforge.net/projects/sudosh/
When a user starts a shell as another user using sudosh, it will log all the commands the user enters in that session.

If you need to log _all_ commands, whether using sudo or not, you should examine the auditing capabilities of HP-UX.

Note that the auditing system will, if necessary, log the start of _every process_, whether user-initiated or not. You may need to filter or otherwise post-process your audit logs to keep them in manageable size and/or find the relevant data in them.

MK
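The gap discussed in this thread, that sudo's own log records only the command handed to sudo, as an added example that is not part of any post above: the script classifies the entries of a sudo file log and flags those that start a shell or su, after which sudo's command log shows nothing further. The entry layout (sudo's file log format without the host field), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify entries in a sudo file log (sudoers "logfile").
# Assumed entry layout; long entries wrap onto indented continuation lines:
#   Mon DD HH:MM:SS : user : [reason ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..

# Constructed sample data, not taken from a real system.
sample_sudo_log() {
cat <<'EOF'
Jan 12 10:15:01 : davis : TTY=pts/2 ; PWD=/home/davis ; USER=root ;
    COMMAND=/usr/sbin/swlist -l product
Jan 12 10:16:40 : davis : TTY=pts/2 ; PWD=/home/davis ; USER=root ; COMMAND=/usr/bin/ksh
Jan 12 10:20:09 : guest : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/guest ;
    USER=root ; COMMAND=/usr/bin/ls /etc
Jan 12 10:31:55 : ops : TTY=pts/4 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/su -
EOF
}

# Reads a sudo log on stdin and prints KIND|user|command for each entry.
#   CMD      one command was run and is fully recorded
#   SHELL    a shell or su was started: later commands are NOT in this log
#   REFUSED  sudo logged the attempt but did not run the command
sudo_log_report() {
    awk '
    function flush(   p, rest, user, cmd, prog, kind) {
        if (entry !~ / : .+ : /) { entry = ""; return }  # blank or malformed
        rest = substr(entry, index(entry, " : ") + 3)    # drop the timestamp
        p = index(rest, " : ")
        user = substr(rest, 1, p - 1)
        rest = substr(rest, p + 3)
        p = index(rest, "COMMAND=")
        cmd = (p ? substr(rest, p + 8) : "")
        prog = cmd; sub(/ .*/, "", prog); sub(/.*\//, "", prog)  # basename
        if (rest !~ /^TTY=/) kind = "REFUSED"            # a reason precedes TTY=
        else if (prog ~ /^(sh|ksh|csh|bash|su)$/) kind = "SHELL"
        else kind = "CMD"
        print kind "|" user "|" cmd
        entry = ""
    }
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation
    { flush(); entry = $0 }
    END { flush() }
    '
}

sample_sudo_log | sudo_log_report
```

To run it against a real log, replace the last line with `sudo_log_report < /var/run/sudo/sudo.log`; every SHELL entry marks a session whose commands have to come from another source such as sudosh or the audit subsystem.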
Davis Paul
Valued Contributor

Re: Sudo

closed