Sudo logs
09-11-2006 12:41 PM
1. User sudo su - abc
2. After login to abc he executes "rm *"
3. exit
I have an entry in the sudoers file that allows this user to run su, and it also defines the log file as /var/log/sudo.log. Now how do I get the fact that this user also executed "rm *" into the log file?
09-11-2006 12:48 PM
Re: Sudo logs
You kind of don't get that in the log file without scripting it.
Your standard user environment should set HISTFILE variable so that keystrokes can be logged to a file. This output can be appended to the sudo logs. Also, you could use the tee command or echo commands to route specific output to the sudo logs.
The best way to go is to write a script that performs these actions in a safe and controlled way. This very same script can be configured to update any log you'd like updated.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
09-11-2006 01:08 PM
Solution
1) Convert to a trusted system.
2) Run the 'script' command from the user's profile. You may also be able to use GNU Screen for this purpose.
3) Set $HISTFILE to a non-default value and hope the user isn't sophisticated enough to find/edit his history.
Also, don't forget to assign points to any responses that may have helped you. You are currently 0 for 9.
PCS
09-11-2006 01:08 PM
Re: Sudo logs
Security must be inconvenient so you take away su from the sudo configuration. If a user wants to do something as a specific user, that task should be identified and scripted if necessary. And note that security doesn't just mean keeping out the bad guys -- it also means preventing mistakes. Your sudo file should have explicit commands and even specific parameters to commands. For example, do not give sudo users access to the mount and umount command when they want to use a CDROM. Instead, you specify the exact command such as: mount /cdrom
Bill Hassell, sysadmin
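Added example, not part of the original post: a small shell check for the policy described above, flagging sudoers rules that grant su, a shell or ALL while leaving explicit commands such as mount /cdrom alone. The sudoers fragment, user names and paths are constructed, and the parser assumes one rule per line without aliases, tags or line continuations.

```shell
#!/bin/sh
# Constructed sudoers fragment; user names and paths are illustrative.
sample_sudoers() {
cat <<'EOF'
Defaults logfile=/var/adm/sudo.log
jdoe    ALL = /usr/bin/su - abc
cduser  ALL = /sbin/mount /cdrom, /sbin/umount /cdrom
oper    ALL = (ALL) ALL
EOF
}

# Read sudoers text on stdin and print "user: command" for every rule
# that grants ALL, su, or a shell (commands run inside are not logged).
# Assumption: one rule per line, no aliases, tags or continuations.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        cmds = substr($0, eq + 1)
        gsub(/\([^)]*\)/, "", cmds)          # drop run-as specs such as (ALL)
        n = split(cmds, c, ",")
        for (i = 1; i <= n; i++) {
            cmd = c[i]
            sub(/^[ \t]+/, "", cmd); sub(/[ \t]+$/, "", cmd)
            split(cmd, w, " ")               # w[1] is the program path
            m = split(w[1], p, "/"); base = p[m]
            if (cmd == "ALL" || base ~ /^(su|sh|ksh|csh|bash)$/)
                printf "%s: %s\n", user, cmd
        }
    }'
}

sample_sudoers | audit_sudoers
```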
12-16-2007 06:23 PM
Re: Sudo logs
The conversation is very interesting.
I tried to find the log inside, but I can't find any sudo log inside the system.
Our system is HP-UX 11.23i. This log is very important to track any sudo user that is using the utilities, right?
Hope to hear from you.
12-16-2007 08:21 PM
Re: Sudo logs
12-17-2007 01:26 PM
Re: Sudo logs
It would be better to start your own question about this. The answer is that sudo can be installed from many, many different locations and has a number of versions available. If you compiled sudo then there were many options available to configure sudo values indicating where the log is located. Also, you can set the log file location in the sudoers file. Run the command:
visudo
and see if the logfile= option has been set. As mentioned, the syslog file (/var/adm/syslog/syslog.log) will have the details, but check /etc/syslog.conf for syslog options too.
Bill Hassell, sysadmin
12-17-2007 05:00 PM
Re: Sudo logs
1. When I issue #visudo
I can see there is a line like this:
Defaults log_year, logfile=/var/log/sudo.local.log
But when I go to /var, I can't get the log folder. Do we have such a hidden folder, or what, for this sudo security purpose?
2. I go to /etc/syslog.conf; the output is as follows:
# syslogd configuration file.
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
Do we have to add an entry for our sudo log?
3. I go to /var/adm/syslog/syslog.log
I can see the sudo entries there. What is the best way to go for the sudo log? The syslog.log or sudo.log?
Looking forward to your reply. Thank you.
12-17-2007 06:25 PM
Re: Sudo logs
>
>Defaults log_year,logfile=/var/log/sudo.local.log
The sudo log file is in the /var/log directory. However, if no one created the directory, then sudo logs just to syslog.
2...syslog.conf...
This is a standard syslog file. What you look for is a special file for authorizations, but none are present in this file.
3...sudo.log or syslog...
syslog is a very busy file so sorting out the sudo activities will require some work. I would change the sudoers file with visudo to read this way:
Defaults logfile=/var/adm/sudo.log
Most of the HP-UX logfiles are in /var/adm so this is a good place for the sudo log.
Bill Hassell, sysadmin
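Added example, not part of the original thread: one way to sort the sudo activity out of a busy syslog.log, marking entries where the logged command is su or a shell, since nothing typed inside that shell reaches the sudo log. The log lines are constructed in the format sudo writes through syslog; host and user names are made up.

```shell
#!/bin/sh
# Constructed sample lines (syslog format, not the sudo logfile= format).
sample_syslog() {
cat <<'EOF'
Dec 17 16:58:02 hpbox sshd[2211]: Accepted password for jdoe from 10.0.0.5
Dec 17 17:00:11 hpbox sudo:     jdoe : TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/bin/su - abc
Dec 17 17:03:40 hpbox sudo:   cduser : TTY=pts/2 ; PWD=/home/cduser ; USER=root ; COMMAND=/sbin/mount /cdrom
Dec 17 17:05:09 hpbox inetd[901]: telnet/tcp: Connection from client1
Dec 17 17:09:33 hpbox sudo:     jdoe : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/ksh
EOF
}

# Read syslog text on stdin; for each sudo entry print
#   time|invoking user|run-as user|status|command
# status is SHELL when the command is su or a shell, otherwise ok.
sudo_report() {
    awk '
    / sudo: / {
        rest = $0; sub(/^.* sudo: */, "", rest)      # text after the tag
        who = rest; sub(/ : .*$/, "", who)           # invoking user
        runas = rest; sub(/^.*USER=/, "", runas); sub(/ ;.*$/, "", runas)
        cmd = rest; sub(/^.*COMMAND=/, "", cmd)
        split(cmd, a, " ")                           # a[1] is the program path
        n = split(a[1], p, "/"); base = p[n]
        status = (base ~ /^(su|sh|ksh|csh|bash|tcsh|zsh)$/) ? "SHELL" : "ok"
        printf "%s %s %s|%s|%s|%s|%s\n", $1, $2, $3, who, runas, status, cmd
    }'
}

sample_syslog | sudo_report
```

On a live system the input would be /var/adm/syslog/syslog.log instead of the sample function.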
12-18-2007 12:21 AM
Re: Sudo logs
PLEASE do not hijack other threads, open your own thread and refer to this thread.