`sudo` session logging in binary?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.



I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes



  1. which logs are written in binary?

  2. which version of sudo is it?

  3. does this happen only on a specific flavor of unix os - rhel, aix, debian?

The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.







share|improve this question

























    up vote
    1
    down vote

    favorite












    I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.



    I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes



    1. which logs are written in binary?

    2. which version of sudo is it?

    3. does this happen only on a specific flavor of unix os - rhel, aix, debian?

    The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.







    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.



      I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes



      1. which logs are written in binary?

      2. which version of sudo is it?

      3. does this happen only on a specific flavor of unix os - rhel, aix, debian?

      The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.







      share|improve this question













      I recently started working on sudo and i am trying to explore and understand the different aspects of sudo logging - I/O and audit.



      I'm using sudo 1.8.22 package on Red hat linux 6.7. Does sudo write any logs in binary format; if yes



      1. which logs are written in binary?

      2. which version of sudo is it?

      3. does this happen only on a specific flavor of unix os - rhel, aix, debian?

      The sudo I/O logs generated for me on RHEL and sudo 1.8.22 seems to be in ascii/text format and not binary.









      share|improve this question












      share|improve this question




      share|improve this question








      edited Jul 5 at 5:15









      slm♦

      233k65479651




      233k65479651









      asked Jul 5 at 3:30









      yellolion

      132




      132




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          No sudo only logs as ASCII.



          The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.



          For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.



          For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.



          Alternatives, if you're interested...



          In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.



          The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.



          References



          • Linux file access monitoring

          • How can you log every command typed





          share|improve this answer























            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );








             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f453519%2fsudo-session-logging-in-binary%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote













            No sudo only logs as ASCII.



            The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.



            For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.



            For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.



            Alternatives, if you're interested...



            In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.



            The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.



            References



            • Linux file access monitoring

            • How can you log every command typed





            share|improve this answer



























              up vote
              0
              down vote













              No sudo only logs as ASCII.



              The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.



              For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.



              For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.



              Alternatives, if you're interested...



              In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.



              The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.



              References



              • Linux file access monitoring

              • How can you log every command typed





              share|improve this answer

























                up vote
                0
                down vote










                up vote
                0
                down vote









                No sudo only logs as ASCII.



                The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.



                For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.



                For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.



                Alternatives, if you're interested...



                In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.



                The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.



                References



                • Linux file access monitoring

                • How can you log every command typed





                share|improve this answer















                No sudo only logs as ASCII.



                The only additional things that I'm aware of, with respect to sudo, are to enable the log_input and log_output which do nothing more than act as the script command does, and capture the commands passed into sudo and their output and log these as well.



                For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.



                For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.



                Alternatives, if you're interested...



                In addition to sudo there's alternatives there as well - https://www.sudo.ws/other.html both opensource and commercial. I've not mucked with many of these, except for Centrify (commercial) which provides an alternative tool to sudo, called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.



                The closest thing I've seen to dzdo that's opensource is FreeIPA's centrally managed sudo polices and logging.



                References



                • Linux file access monitoring

                • How can you log every command typed






                share|improve this answer















                share|improve this answer



                share|improve this answer








                edited Jul 5 at 5:18


























                answered Jul 5 at 5:13









                slm♦

                233k65479651




                233k65479651






















                     

                    draft saved


                    draft discarded


























                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f453519%2fsudo-session-logging-in-binary%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?