05-16-2007
Short answer: your current security as explained is a violation of Sarbanes-Oxley. Furthermore, if you are publicly traded, you're going to look bad in any sox-compliance audit. Get security help.
Test for publicly traded companies including their contractors, vendors or anyone with system access:
If su or sudo lets somebody, like programmers or accountants or data entry clerks or even the company president, have direct unaudited access to any file or data transmission used for input to or generated by AR, AP... any accounting/financial reporting, then it won't fly.
HIPPA - if sudo lets any non-HR person in my business (or doing work for my business as a consultant, contractor, etc.) lookup somebody else's private records without their prior authorization, then I am not in compliance. That is the test you apply. Private records = medical records, drug test records, insurance information, direct deposit information, etc.
Just get security help. Obviously, your boss does not listen to you. He will be forced to listen when it dings his department's budget. That's how it works in small companies - consultants get listened to.
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I need to identify a list of AIX command strings that can be used to parse Powerbroker logs for changes that are being made by Unix SysAdmins. Need to filter out (as much as possible) inquiry or routine maintenance activity and concentrate on software/security changes.
This is for internal... (1 Reply)
Discussion started by: bcouchtx
1 Replies
2. Solaris
Hello Everybody
I would like to know any major difference between sudo & RBAC as I am bit familiar with RBAC but not with sudo (2 Replies)
Discussion started by: girish.batra
2 Replies
3. Solaris
Dear ALL
please can anyone tell me from where can i install sudo for solaris 8 & 9
and how i can install it in the solaris server . (1 Reply)
Discussion started by: thecobra151
1 Replies
4. UNIX for Advanced & Expert Users
I have an error when using chdev with sudo as follows;
sudo chdev -l rmt0 -a block_size=512
chdev: 0514-518 Cannot access the CuDv object class in the device
configuration database.
I've added chdev in sudoers but still get the error, I guess it's something to do with CuDv... (3 Replies)
Discussion started by: gefa
3 Replies
5. Solaris
I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies
6. Shell Programming and Scripting
when the following command is issued the command prompt is received, how do I get past this?
ssh -t usera@hosta sudo su - userb -c id (4 Replies)
Discussion started by: squrcles
4 Replies
7. Shell Programming and Scripting
What I want to do is not unique, except that our environment has a twist.
I want to ssh to a remote server and issue a sudo command to run a script. This isn't working, but you'll get the gist.# ssh remotehost sudo -i -u oracle script.bashThe sudo to oracle is fine. The script.bash sets up the... (4 Replies)
Discussion started by: JustaDude
4 Replies
AULAST:(8) System Administration Utilities AULAST:(8)
NAME
aulast - a program similar to last
SYNOPSIS
aulast [ options ] [ user ] [ tty ]
DESCRIPTION
aulast is a program that prints out a listing of the last logged in users similarly to the program last and lastb. Aulast searches back
through the audit logs or the given audit log file and displays a list of all users logged in (and out) based on the range of time in the
audit logs. Names of users and tty's can be given, in which case aulast will show only those entries matching the arguments. Names of ttys
can be abbreviated, thus aulast 0 is the same as last tty0.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was
created.
The main difference that a user will notice is that aulast print events from oldest to newest, while last prints records from newest to
oldest. Also, the audit system is not notified each time a tty or pty is allocated, so you may not see quite as many records indicating
users and their tty's.
OPTIONS
--bad Report on the bad logins.
--extract
Write raw audit records used to create the displayed report into a file aulast.log in the current working directory.
-f file
Use the file instead of the audit logs for input.
--proof
Print out the audit event serial numbers used to determine the preceeding line of the report. A Serial number of 0 is a place holder
and not an actual event serial number. The serial numbers can be used to examine the actual audit records in more detail. Also an
ausearch query is printed that will let you find the audit records associated with that session.
--stdin
Take audit records from stdin.
EXAMPLES
To see this month's logins
ausearch --start this-month --raw | aulast --stdin
SEE ALSO
last(1), lastb(1), ausearch(8), aureport(8).
AUTHOR
Steve Grubb
Red Hat Nov 2008 AULAST:(8)