> What could be the purpose of this file.
This is a log of the sudo events and cannot be allowed to be seen by ordinary users. The same is true of the sudoers file. Both contain information about users and their privileges.
> sudo /usr/bin/sh
Apparently the sudoers files has been badly configured. sudo is a very capable program but you can destroy its usefulness with lines like this:
billh ALL = NOPASSWD: ALL, (ALL)
This is the worst possible configuration in that user billh can do anything on any computer that runs sudo. You might as well remove the root password.
The proper way to configure sudo is to assign specific commands, one at a time
after each command is evaluated as to whether it is appropriate:
billh ALL = NOPASSWD: /usr/sbin/swapinfo
Now billh can run the swapinfo command as root. Since swapinfo doesn't change anything, this is a safe command to add.
But do not give users vi capability!!! Not only can the user edit (also means to trash) any file in the system, but anyone can type the :!sh string and get a shell prompt with unlimited capability. To use vi with sudo, you must specify the allowable files:
billh ALL = /usr/bin/vi /etc/ntp.conf, /usr/bin/vi /etc/motd
Good security means: take away every capability, then add one based on the user's role. An operator that runs the spooler can have access to lp commands, even /usr/bin/view, but never vi. The fullpath (/usr/bin) in a secured directory prevents a user from creating a dummy program called view which might be a script that runs vi.
Bill Hassell, sysadmin
