01-13-2004
Sudo logging is nice, but be sure to have it log to syslog and have it send to a central syslog server so logs are not local. Keep in mind that a malicious educated user can still disable syslog to hide his/her actions. Always grant permissions from the standpoint of giving just enough rights to get the job done. You shouldn't grant a user root if all he needs to do is stop/start a webserver...
What OS are you on? Some UNIX flavors have "unalterable" auditing capabilities built-in that can address BSM requirements.
Cheers,
Keith
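The checks recommended in the post above, as an added shell example that is not part of the original thread: it audits a sudoers file and a classic syslog.conf for blanket root grants, missing sudo syslog logging, and missing remote forwarding. The function name, finding labels, the `webadmin` user, the `WEBCTL` alias and `loghost.example.com` are assumptions made for illustration, and the check assumes sudo logs to the auth or authpriv facility.

```shell
#!/bin/sh
# Added example: audit a sudoers file and a classic syslog.conf.
# Prints one finding per line; returns 1 if there were any findings.
# (POSIX sh has no "local", so the variables below are global.)
audit_sudo_logging() {
    sudoers=$1 syslog_conf=$2 rc=0

    # 1. Least privilege: non-root entries whose command list is just ALL,
    #    e.g. "webadmin ALL=(ALL) ALL" or "ops ALL = NOPASSWD: ALL".
    full=$(grep -Ev '^[[:space:]]*(#|Defaults|root[[:space:]]|[A-Za-z]+_Alias)' "$sudoers" |
        grep -E '=[[:space:]]*(\([^)]*\)[[:space:]]*)?([A-Z]+:[[:space:]]*)*ALL[[:space:]]*$' |
        awk '{ print "FULL_ROOT " $1 }')
    if [ -n "$full" ]; then echo "$full"; rc=1; fi

    # 2. sudo must log through syslog. The built-in default depends on how
    #    sudo was compiled, so require an explicit, non-negated setting.
    if ! grep -Eq '^[[:space:]]*Defaults.*[[:space:],]syslog([[:space:],=]|$)' "$sudoers"; then
        echo "SUDO_SYSLOG_NOT_SET"; rc=1
    fi

    # 3. auth/authpriv (or "*") messages must be forwarded to a remote
    #    host: classic syslog.conf syntax is "selector <whitespace> @host".
    if ! grep -Eq '^[^#]*(\*|auth(priv)?)\.[^[:space:]]*[[:space:]]+@[^[:space:]]+' "$syslog_conf"; then
        echo "NO_REMOTE_SYSLOG"; rc=1
    fi
    return $rc
}

# Constructed sample input: a weak pair and a hardened pair of files.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' 'root ALL=(ALL) ALL' 'webadmin ALL=(ALL) ALL' > "$d/sudoers.weak"
printf '%s\n' 'authpriv.*    /var/log/secure' > "$d/syslog.weak"
cat > "$d/sudoers.ok" <<'EOF'
Defaults syslog=authpriv
Cmnd_Alias WEBCTL = /usr/sbin/apachectl start, /usr/sbin/apachectl stop
root     ALL=(ALL) ALL
webadmin ALL=(root) WEBCTL
EOF
printf '%s\n' 'authpriv.*    @loghost.example.com' > "$d/syslog.ok"

echo "weak:";     audit_sudo_logging "$d/sudoers.weak" "$d/syslog.weak" || true
echo "hardened:"; audit_sudo_logging "$d/sudoers.ok" "$d/syslog.ok" && echo "(no findings)"
```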
SYSLOG(3) 1 SYSLOG(3)
syslog - Generate a system log message
SYNOPSIS
bool syslog (int $priority, string $message)
DESCRIPTION
syslog(3) generates a log message that will be distributed by the system logger.
For information on setting up a user defined log handler, see the syslog.conf(5) Unix manual page. More information on the syslog facilities and options can be found in the man pages for syslog(3) on Unix machines.
PARAMETERS
o $priority
- $priority is a combination of the facility and the level. Possible values are:
syslog(3) Priorities (in descending order)
+-------------+------------------------------------+
| Constant    | Description                        |
+-------------+------------------------------------+
| LOG_EMERG   | system is unusable                 |
| LOG_ALERT   | action must be taken immediately   |
| LOG_CRIT    | critical conditions                |
| LOG_ERR     | error conditions                   |
| LOG_WARNING | warning conditions                 |
| LOG_NOTICE  | normal, but significant, condition |
| LOG_INFO    | informational message              |
| LOG_DEBUG   | debug-level message                |
+-------------+------------------------------------+
o $message
- The message to send, except that the two characters %m will be replaced by the error message string (strerror) corresponding to the present value of errno.
RETURN VALUES
Returns TRUE on success or FALSE on failure.
EXAMPLES
Example #1
Using syslog(3)
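<?php
// open syslog, include the process ID and also send
// the log to standard error, and use a user defined
// logging mechanism
openlog("myScriptLog", LOG_PID | LOG_PERROR, LOG_LOCAL0);

// some code

if (authorized_client()) {
    // do something
} else {
    // unauthorized client!
    // log the attempt
    $access = date("Y/m/d H:i:s");
    // The User-Agent header is client-supplied and may be absent; replace
    // control characters so it cannot inject extra lines into the log.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '-';
    $agent = preg_replace('/[\x00-\x1F\x7F]/', '?', $agent);
    syslog(LOG_WARNING, "Unauthorized client: $access {$_SERVER['REMOTE_ADDR']} ($agent)");
}

closelog();
?>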
NOTES
On Windows NT, the syslog service is emulated using the Event Log.
Note
Use of LOG_LOCAL0 through LOG_LOCAL7 for the $facility parameter of openlog(3) is not available in Windows.
SEE ALSO
openlog(3), closelog(3).
PHP Documentation Group SYSLOG(3)