06-02-2011 08:39 AM
Track activity of sudo users
There are a lot of users in my system; they are not local users and do not exist in /etc/passwd. They are Vintela users and they have sudo rights. Generally they log in with their ID and become root by sudo su - root. Now all the activity goes to the root history file or into the root environment, so I am not able to trace which user has done what. I need all your help to put a mechanism in place to track all this activity.
Thanks
06-02-2011 03:27 PM
Re: Track activity of sudo users
sudo logs all transactions.
/var/adm/sulog
Pretty much all you have to do is log in and look at it. You might want to use a shell script to pretty up the results.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
06-02-2011 04:12 PM
Re: Track activity of sudo users
By default, 'sudo' logs successful and unsuccessful activity in the 'syslog'. The '/var/adm/su' file applies to the 'su' command.
Regards!
...JRF...
06-02-2011 06:08 PM
Re: Track activity of sudo users
This completely disables sudo logging capability. You need to disallow su for these users and tell them to use the command correctly:
sudo ioscan
In other words, they must type sudo for EVERY root command that they run. Once they start su - root, a new shell is started and sudo logs stop. This may irritate the users but root privilege is far too powerful to casually give to these non-sysadmins without restrictions. Personally, I would list only the root commands that are safe for these users and require them to call a trained sysadmin to run dangerous commands that affect disks and volume groups.
Bill Hassell, sysadmin
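As an added illustration (not code from any of the posts in this thread): sudo's syslog lines name the invoking user, so they can be split into one file per user, and entries that launch su or a shell mark where the per-command trail stops. The sample lines, host name, user names and the sudo.<user> file naming are constructed assumptions.

```shell
#!/bin/sh
# Added example: per-user view of sudo's syslog entries, plus root-shell detection.

# Constructed sample lines in sudo's syslog format (not from a real system).
sample_log() {
cat <<'EOF'
Jun  2 08:39:01 hpux1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/ioscan -fnC disk
Jun  2 08:41:17 hpux1 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/su - root
Jun  2 08:45:30 hpux1 sudo:    carol : TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/sh
Jun  2 08:50:02 hpux1 sudo:    alice : command not allowed ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/vgremove vg01
Jun  2 08:51:00 hpux1 sshd[2211]: Accepted password for alice from 10.0.0.5
EOF
}

# Print tab-separated "user, timestamp, status, command" for each sudo entry on stdin.
parse_sudo() {
    awk '$5 ~ /^sudo(\[[0-9]+\])?:$/ && /COMMAND=/ {
        status = "OK"
        if ($0 ~ /command not allowed|NOT in sudoers|incorrect password/) status = "DENIED"
        cmd = $0; sub(/.*COMMAND=/, "", cmd)
        print $6 "\t" $1 " " $2 " " $3 "\t" status "\t" cmd
    }'
}

# Print the permitted entries whose command is su or a shell: after these,
# sudo records nothing further about what the user runs as root.
root_shells() {
    parse_sudo | awk -F'\t' '$3 == "OK" {
        split($4, w, " "); m = split(w[1], p, "/")
        if (p[m] ~ /^(su|sh|ksh|csh|bash)$/) print
    }'
}

# Append each user's entries to <dir>/sudo.<user>; print how many users were seen.
split_by_user() {
    mkdir -p "$1" || return 1
    parse_sudo | awk -F'\t' -v d="$1" '{
        name = $1; gsub(/[^A-Za-z0-9._-]/, "_", name)   # keep file names safe
        f = d "/sudo." name
        print $2 "\t" $3 "\t" $4 >> f; close(f)
        seen[name] = 1
    } END { n = 0; for (u in seen) n++; print n }'
}

# Demo on the constructed sample: lists bob and carol.
sample_log | root_shells
```

To use it on real data, pipe the syslog file that sudo writes to into parse_sudo, root_shells or split_by_user in place of sample_log.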
06-03-2011 04:00 AM
Re: Track activity of sudo users
Thanks again
06-03-2011 05:31 AM
Re: Track activity of sudo users
If you aren't going to disable su as an authorized command in sudo, then there's not much you can do. The decision to give non-sysadmins access to unrestricted sudo (and su) was misguided. If your systems are audited, they will fail due to unrestricted root access. Logging what the users did when they were root is too late. A single chmod -R or rm -rf * from a novice user can totally destroy the system. Good security has two purposes: Keep the bad guys out, and keep users from making very bad mistakes.
Bill Hassell, sysadmin
06-03-2011 05:43 AM
Re: Track activity of sudo users
I agree with Bill, full root access for the untrained admin is like giving everyone grenades and rocket launchers. Sooner or later, boom!
If they must have root access, first train them to use "sudo -i" instead of sudo su -. Same effect, they get a root shell. Also, using "sudo -i" will set an environment variable SUDO_USER that you can use in the root profile, perhaps like:
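# Fall back to the login name if sudo did not set SUDO_USER
if [ -z "${SUDO_USER:-}" ] ; then
    SUDO_USER=$(/usr/bin/logname)
fi
# Direct root logins keep the default history file; everyone else gets their own
if [ -z "${SUDO_USER:-}" -o "${SUDO_USER:-}" = "root" ] ; then
    export HISTFILE=~/.sh_history
else
    export HISTFILE=/var/adm/histfile/history.${SUDO_USER}
fi
export HISTSIZE=10000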
06-06-2011 05:08 AM
Re: Track activity of sudo users
I just want to trace their activity in a file, like a different file for different users.