`sudo` session logging in binary?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.
I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes
- which logs are written in binary?
- which version of sudo is it?
- does this happen only on a specific flavor of unix os - rhel, aix, debian?
The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.
sudo logs
edited Jul 5 at 5:15
slm♦
233k65479651
asked Jul 5 at 3:30
yellolion
132
add a comment |Â
up vote
1
down vote
favorite
I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.
I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes
- which logs are written in binary?
- which version of sudo is it?
- does this happen only on a specific flavor of unix os - rhel, aix, debian?
The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.
sudo logs
edited Jul 5 at 5:15
slm♦
233k65479651
asked Jul 5 at 3:30
yellolion
132
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.
I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes
- which logs are written in binary?
- which version of sudo is it?
- does this happen only on a specific flavor of unix os - rhel, aix, debian?
The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.
sudo logs
edited Jul 5 at 5:15
slm♦
233k65479651
asked Jul 5 at 3:30
yellolion
132
I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.
I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes
- which logs are written in binary?
- which version of sudo is it?
- does this happen only on a specific flavor of unix os - rhel, aix, debian?
The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.
sudo logs
edited Jul 5 at 5:15
slm♦
233k65479651
asked Jul 5 at 3:30
yellolion
132
edited Jul 5 at 5:15
slm♦
233k65479651
edited Jul 5 at 5:15
slm♦
233k65479651
edited Jul 5 at 5:15
slm♦
233k65479651
233k65479651
asked Jul 5 at 3:30
yellolion
132
asked Jul 5 at 3:30
yellolion
132
asked Jul 5 at 3:30
yellolion
132
132
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
No sudo only logs as ASCII.
The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.
References
- Linux file access monitoring
- How can you log every command typed
answered Jul 5 at 5:13
slm♦
233k65479651
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
No sudo only logs as ASCII.
The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.
References
- Linux file access monitoring
- How can you log every command typed
answered Jul 5 at 5:13
slm♦
233k65479651
add a comment |Â
up vote
0
down vote
No sudo only logs as ASCII.
The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.
References
- Linux file access monitoring
- How can you log every command typed
answered Jul 5 at 5:13
slm♦
233k65479651
add a comment |Â
up vote
0
down vote
up vote
0
down vote
No sudo only logs as ASCII.
The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.
References
- Linux file access monitoring
- How can you log every command typed
answered Jul 5 at 5:13
slm♦
233k65479651
No sudo only logs as ASCII.
The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.
References
- Linux file access monitoring
- How can you log every command typed
answered Jul 5 at 5:13
slm♦
233k65479651
edited Jul 5 at 5:18
answered Jul 5 at 5:13
slm♦
233k65479651
answered Jul 5 at 5:13
slm♦
233k65479651
answered Jul 5 at 5:13
slm♦
233k65479651
233k65479651
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f453519%2fsudo-session-logging-in-binary%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
