Security Basics mailing list archives
Fwd: How to track down which commands sudoers set up?
From: "Stuart Howard" <stuart.g.howard () gmail com>
Date: Wed, 14 Jun 2006 12:39:44 +0100
whoops! sorry peter sent to list proper this time. [vagaries of gmail]

---------- Forwarded message ----------
From: Stuart Howard <stuart.g.howard () gmail com>
Date: 14-Jun-2006 12:38
Subject: Re: How to track down which commands sudoers set up?
To: Peter Morgan <peterjmorgan () gmail com>

I believe that sudo can be configured to limit the extent to which the privilege is used, in other words you could probably set it up to allow your users to do what they need but not to delete their tracks, e.g. bash_history or rm /var/log/*

I can't say I have done this myself but I did read man sudo a while back and such things seemed possible.

stu

ps. If you know what specific authority you wish to grant rather than all except xxx it may be easier to do this.

On 13/06/06, Peter Morgan <peterjmorgan () gmail com> wrote:
Are you referring to the commands issued by a user with SUDO privileges, or someone that issued the su command to change from the current user to a UID of 0 (root)?

In the first case, (on my Ubuntu Dapper system) you can look in the auth.log, it will list what command the user issued through sudo. If you can't find the logfile, try this:

    bash-$ grep -ilr sudo /var/log

and that should find what file on your system houses the logs for sudo.

In the second case, I do not believe there exists a default facility in linux to track what commands a user issued when having su'ed to root. The best you could do is copy the shell history file from /root and analyze what is left of that. If the user was doing something malicious (or something they didn't want logged) they likely would have erased those entries in the shell history file.

Hope this helps,
Peter

On 6/13/06, Jannis Kafkoulas <kajannis () web de> wrote:
> Hello,
>
> I'd like to find out what exactly any user did after they turned to superuser
> and when exactly each cmd was processed (in a Linux box).
>
> Can someone help me managing this?
>
> Many thanks
>
> Jannis
--
"There are 10 types of people in this world: those who understand binary, those who don't" --Unknown
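
The sudo case Peter describes, as an added example that is not part of the original thread: a shell function that pulls who ran what, as whom and when out of auth.log-style sudo entries, and flags root shells, after which sudo records nothing further. The host name, users and log lines are constructed, and the entry layout assumed is sudo's default syslog format.

```shell
#!/bin/sh
# Added example (not from the thread): timeline of sudo use from a syslog-style auth log.
# Output per record: timestamp|invoking user|run-as user|status|command

sudo_timeline() {
    awk '
    # Command records: "Mon DD HH:MM:SS host sudo: user : [reason ; ]TTY=.. ; USER=.. ; COMMAND=.."
    # PAM session lines also carry the sudo tag but have no COMMAND= and are skipped.
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && /COMMAND=/ {
        ts = $1 " " $2 " " $3
        user = $6
        # COMMAND= is the last key, so everything after it is the command line.
        cmd = substr($0, index($0, "COMMAND=") + 8)
        runas = "?"
        if (match($0, /USER=[^ ;]+/)) {
            runas = substr($0, RSTART + 5, RLENGTH - 5)
        }
        status = "ok"
        if ($0 ~ /NOT in sudoers|incorrect password|command not allowed/) {
            status = "DENIED"
        } else if (cmd ~ /^(\/usr)?\/bin\/(su|sh|bash|zsh|ksh)( |$)/) {
            # A root shell ends the trail: sudo logs nothing typed inside it.
            status = "SHELL"
        }
        print ts "|" user "|" runas "|" status "|" cmd
    }'
}

# Constructed sample log (hypothetical host "dapper" and users), not real data.
sample_log() {
    cat <<'EOF'
Jun 13 10:15:02 dapper sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun 13 10:15:02 dapper sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Jun 13 10:20:11 dapper sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun 13 10:31:40 dapper sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Jun 13 10:32:05 dapper su[4211]: Successful su for root by root
Jun 13 11:02:17 dapper sshd[4300]: Accepted password for carol from 192.0.2.10 port 51122 ssh2
Jun 13 11:05:09 dapper sudo:    carol : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/bin/rm /var/log/auth.log.1
EOF
}

sample_log | sudo_timeline
```

On a real system, feed it the file that the grep above locates, for example `sudo_timeline < /var/log/auth.log`; a SHELL row marks the point from which only the shell history is left to go on.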