`sudo` session logging in binary?
I recently started working on sudo and I am trying to explore and understand the different aspects of sudo logging - I/O and audit.
I'm using the sudo 1.8.22 package on Red Hat Linux 6.7. Does `sudo` write any logs in binary format? If yes:
- which logs are written in binary?
- which version of sudo is it?
- does this happen only on a specific flavor of Unix OS - RHEL, AIX, Debian?
The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seem to be in ASCII/text format and not binary.
sudo logs
edited Jul 5 at 5:15 slm♦
asked Jul 5 at 3:30 yellolion
1 Answer
No, `sudo` only logs as ASCII.
The only additional things that I'm aware of, with respect to `sudo`, are to enable `log_input` and `log_output`, which do nothing more than act as the `script` command does, and capture the commands passed into `sudo` and their output and log these as well.
For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.
For additional logging that is likely more what you want, I'd take a look at `auditd` instead. It can log pretty extensively what's going on with respect to a Linux node.
Alternatives, if you're interested...
In addition to `sudo` there are alternatives there as well - https://www.sudo.ws/other.html - both open source and commercial. I've not mucked with many of these, except for Centrify (commercial), which provides an alternative tool to `sudo`, called `dzdo`. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.
The closest thing I've seen to `dzdo` that's open source is FreeIPA's centrally managed `sudo` policies and logging.
References
- Linux file access monitoring
- How can you log every command typed
edited Jul 5 at 5:18
answered Jul 5 at 5:13 slm♦
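Whether the files in a sudo I/O log session look like text depends on how they were written: sudoers documents a `compress_io` flag that compresses I/O logs with zlib. The following is an added example, not part of the original question or answer, that classifies each file in a session directory by its leading bytes. The sample directories, their contents, and the assumption that compressed files start with the gzip magic bytes while `log` stays plain text are constructed for illustration.

```python
import gzip
import os
import tempfile

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of any gzip stream

def classify(path):
    """Return 'gzip', 'text' or 'binary' for one file in an I/O log session."""
    with open(path, "rb") as fh:
        head = fh.read(512)
    if head.startswith(GZIP_MAGIC):
        return "gzip"
    try:
        head.decode("ascii")
    except UnicodeDecodeError:
        return "binary"
    # Control bytes other than tab/LF/CR/ESC mean it is not plain terminal text.
    if any(b < 0x20 and b not in (0x09, 0x0A, 0x0D, 0x1B) for b in head):
        return "binary"
    return "text"

def survey(session_dir):
    """Map each file name in a session directory to its detected encoding."""
    return {name: classify(os.path.join(session_dir, name))
            for name in sorted(os.listdir(session_dir))
            if os.path.isfile(os.path.join(session_dir, name))}

def make_sample_session(root, compressed):
    """Build a constructed session directory (not real sudo output)."""
    os.makedirs(root, exist_ok=True)
    files = {"log": b"1530761400:alice:root::/dev/pts/0\n/home/alice\n/bin/ls\n",
             "timing": b"4 0.500000 12\n",
             "ttyout": b"file1 file2\n"}
    for name, data in files.items():
        # Assumption for this sample: the summary 'log' file stays plain text.
        use_gz = compressed and name != "log"
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(gzip.compress(data) if use_gz else data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for flag in (True, False):
            d = make_sample_session(os.path.join(tmp, str(flag)), flag)
            print("compressed sample" if flag else "plain sample", survey(d))
```

To check a real host, call `survey()` on one session directory under the configured `iolog_dir`; reading those files normally requires root.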