How to Audit User Commands When sudo su - to Another User

Posted on 2011-09-28
Last Modified: 2012-06-21
We have a team of people that log in to UNIX servers as their individual ID, then need to "sudo su - shareduser" to a shared user ID.  It is possible that you could have several people logged into the same server at the same time who have switched to the shared user.  The question is: is it possible to keep an audit trail of the commands that each individual user runs as the shared ID?  If so, can you tell me how this is done?  We are using two flavors of UNIX, AIX and Red Hat Linux.
Question by:lphillips

Expert Comment

by:farzanj
ID: 36813150
Normally script command is used.  Did you try that?

script filename


And then you log everything.  You should run script in a folder where everyone can write.  I am not sure if it would persist across su, but it is worth trying at least.

You will have to type exit twice at the end, once to revert to original account and second to terminate script command.
Expert Comment

by:woolmilkporc
ID: 36814300
Does it have to be "sudo su -"?

Wouldn't it be sufficient running "sudo -u shareduser some_command"?

Of course this will require a bit more effort in setting up the sudoers file, but on the other hand you can have a perfect audit trail this way.

wmp

Author Comment

by:lphillips
ID: 36814384
woolmilkporc - is it possible to set it up where any command/script in a certain directory can be run?  For example if we had:

/allmycommands/bin/

And there were lots of scripts, AND they need to have arguments passed on the command line, is this doable?  How would that look in the sudoers file?
Accepted Solution

by:woolmilkporc (earned 500 total points)
ID: 36814537
Yes, that's simple. Let's assume there is a group "individuals" to which all concerned users belong.

Add to the sudoers file using "visudo":

Defaults:%individuals   syslog=local7
%individuals ALL=(shareduser) NOPASSWD:/allmycommands/bin/


The "individuals" members are allowed to run everything (scripts/commands) which is in /allmycommands/bin/
with any number of arguments under the credentials of "shareduser", like this:

sudo -u shareduser /allmycommands/bin/somescript parm1 parm2 parm3

The example sudoers entry above isolates the log data of this particular group by using "local7" as the log facility.
Choose a different one if local7 is already in use at your system(s).

Add to /etc/syslog.conf:

local7.* /var/adm/individuals.sudolog

issue touch /var/adm/individuals.sudolog

and restart syslogd (AIX: refresh -s syslogd).

wmp

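As an added example illustrating the accepted sudoers/syslog setup above (this script is not part of the original thread and is not a sudo feature), the following POSIX shell script turns sudo's standard syslog lines into the per-user audit trail the question asks for. The log lines are constructed for the example: the host name, user names, paths and commands are made up, and the functions write_sample_log, audit_trail, denied_attempts and shell_escapes are hypothetical helpers. The format of the lines themselves is what sudo writes to syslog for a permitted and for a refused request.

```shell
#!/bin/sh
# Added example, not from the original thread: build a per-user audit trail
# from the sudo syslog lines produced by the accepted answer's setup
# (Defaults:%individuals syslog=local7 -> /var/adm/individuals.sudolog).
# The log lines below are constructed; host, users and commands are made up.
# sudo logs a permitted request as
#   <user> : TTY=<tty> ; PWD=<dir> ; USER=<target> ; COMMAND=<cmd> [args]
# and a refused one as
#   <user> : command not allowed ; TTY=... ; USER=<target> ; COMMAND=<cmd>

SAMPLE_LOG='Sep 28 10:01:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=shareduser ; COMMAND=/allmycommands/bin/somescript parm1 parm2 parm3
Sep 28 10:03:15 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=shareduser ; COMMAND=/allmycommands/bin/report --month 09
Sep 28 10:04:40 host1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su - shareduser
Sep 28 10:05:01 host1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=shareduser ; COMMAND=/bin/bash'

# write_sample_log FILE: write the constructed lines to FILE, which stands in
# for /var/adm/individuals.sudolog so the example runs offline.
write_sample_log() {
    printf '%s\n' "$SAMPLE_LOG" > "$1"
}

# audit_trail FILE TARGET: print "<invoking user> <command and args>" for every
# permitted sudo invocation that ran as TARGET. Refused requests are excluded.
audit_trail() {
    grep ' sudo: ' "$1" | grep -v 'command not allowed' \
        | grep " USER=$2 ;" \
        | sed -n 's/^.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)$/\1 \2/p'
}

# denied_attempts FILE: requests sudo refused. Worth alerting on, since they
# show someone asking for a command outside the allowed directory.
denied_attempts() {
    grep ' sudo: ' "$1" | grep 'command not allowed' \
        | sed -n 's/^.* sudo: *\([^ ]*\) : command not allowed.*COMMAND=\(.*\)$/\1 DENIED \2/p'
}

# shell_escapes FILE: permitted invocations whose command is su or a shell.
# sudo logs only the command it was asked to run, so at this point the
# per-command trail stops; only session logging (script(1) or sudo's
# log_output) would show what the person did afterwards.
shell_escapes() {
    grep ' sudo: ' "$1" | grep -v 'command not allowed' \
        | sed -n 's/^.* sudo: *\([^ ]*\) : .*USER=\([^ ]*\) ; COMMAND=\(.*\)$/\1 \2 \3/p' \
        | awk '$3 ~ /\/(su|sh|bash|ksh|csh)$/ { print }'
}

# Demo run against the constructed log.
LOG=$(mktemp)
write_sample_log "$LOG"
echo "== commands run as shareduser =="; audit_trail "$LOG" shareduser
echo "== refused requests ==";           denied_attempts "$LOG"
echo "== shell escapes (trail ends) =="; shell_escapes "$LOG"
rm -f "$LOG"
```

Two things the directory rule relies on: /allmycommands/bin/ and the scripts in it must be owned by root and not writable by the "individuals" group, otherwise a member can edit a script and run whatever they like as shareduser; and the existing "sudo su -" permission has to be removed from sudoers, or the new rule is simply bypassed. sudo records only the invocation, not what a script does internally, so a script that hands the caller an interactive shell ends the trail in the same way the carol line does above. If the installed sudo is 1.7.4 or newer, "Defaults log_output" in sudoers additionally records the terminal output of each session under /var/log/sudo-io, which is the closest sudo gets to auditing a full "sudo su -" session.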
Author Closing Comment

by:lphillips
ID: 36814567
thank you!