Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: sudo log and sudo auditing
Operating Systems AIX sudo log and sudo auditing Post 302478692 by kah00na on Wednesday 8th of December 2010 04:11:40 PM
Old 12-08-2010
It would be better if you just didn't allow a user to use the "su" command with sudo. You could add something like this into your /etc/sudoers file to keep them from running the "su" command.
Code:
User_Alias      usergroup = user1,user2
Cmnd_Alias      userlist = /usr/bin/vi,/usr/bin/mv,/usr/bin/cp,/usr/bin/chmod,/usr/bin/chown,/usr/bin/tar
usergroup      ALL = userlist, !/usr/bin/vi /etc/sudoers

Also, it would be good if you prevented them from using "sudo" to vi the /etc/sudoers file so they can't change your new "better secured" configuration (also in the configuration above). That would be funny if you didn't set it up and they did change your /etc/sudoers file.... anyway, this configuration would allow you to track all their commands via the sudo log.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sudo log files

folks; I just did setup sudo on Solaris 10 through "sudoer" file. Now, i try to look at the log files to see any user activities under /var/log/syslog & all i see if someone try to run "sudo -u root tcsh" & got an error or was successful. But i don't see any activities, for example: if a user... (0 Replies)
Discussion started by: Katkota
0 Replies

2. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

3. Cybersecurity

sudo /bin/sh or sudo su -

we are looking at changing the way we get root on our network. in our current system if an admin needs root access he just gets the root password and uses an su. some of our staff have decided that a sudo to "/bin/sh" will be easer. some of our staff think a sudo to "su -" will be better. I... (0 Replies)
Discussion started by: robsonde
0 Replies

4. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

5. UNIX for Advanced & Expert Users

Sudo log

Hello, Is it possible to configure the sudo log to register the logname instead of the username? I mean, if user A logs and su (switch user) to user B and then uses SUDO to execute commands, the log will register actions of user B. What I need is to register these actions as being executed... (1 Reply)
Discussion started by: crematoriumm
1 Replies

6. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

7. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

8. UNIX for Dummies Questions & Answers

Sudo log

hi, i have installed sudo now want to create sudo log file to capture every sudo event like "if any user does sudo and then runs a command line, this all must be captured who did what" kindly assist plantform:- linux RHEL, soalris 10 (1 Reply)
Discussion started by: firozk679
1 Replies

9. Shell Programming and Scripting

Sudo or su keeps flooding my /var/log/messages

It is crazy when you just entered a command example sudo or su or even ps. It will flood your /var/log/messages. Please see duplicate entries except for the pid. At 1 specific time. Thanks $ cat b Jan 13 17:09:05 SERVER1 bash: user1 as root: Jan 13 17:09:05 SERVER1 bash: user1 as root: Jan... (3 Replies)
Discussion started by: invinzin21
3 Replies

LEARN ABOUT SUNOS

getusershell

getusershell(3C)					   Standard C Library Functions 					  getusershell(3C)

NAME

       getusershell, setusershell, endusershell - get legal user shells

SYNOPSIS

       #include <unistd.h>

       char *getusershell(void);

       void setusershell(void);

       void endusershell(void);

DESCRIPTION

       The  getusershell()  function  returns  a  pointer  to  a  legal  user  shell  as defined by the system manager in the file /etc/shells. If
       /etc/shells does not exist, the following locations of the standard system shells are used in its place:

       /bin/bash		  /bin/csh
       /bin/jsh 		  /bin/ksh
       /bin/pfcsh		  /bin/pfksh
       /bin/pfsh		  /bin/sh
       /bin/tcsh		  /bin/zsh
       /sbin/jsh		  /sbin/pfsh
       /sbin/sh 		  /usr/bin/bash
       /usr/bin/csh		  /usr/bin/jsh
       /usr/bin/ksh		  /usr/bin/pfcsh
       /usr/bin/pfksh		  /usr/bin/pfsh
       /usr/bin/sh		  /usr/bin/tcsh
       /usr/bin/zsh		  /usr/xpg4/bin/sh

       The getusershell() function opens the file /etc/shells, if it exists, and returns the next entry in the list of shells.

       The setusershell() function rewinds the file or the list.

       The endusershell() function closes the file, frees any memory used by getusershell() and setusershell(), and rewinds the file /etc/shells.

RETURN VALUES

       The getusershell() function returns a null pointer on EOF.

BUGS

       All information is contained in memory that may be freed with a call to endusershell(), so it must be copied if it is to be saved.

SunOS 5.10							    30 Aug 2004 						  getusershell(3C)
All times are GMT -4. The time now is 11:51 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy