Sudoscriptd/sudoshell
are a pair of Perl scripts that provide an audited shell using sudo. If
you are familiar with sudo, you might well ask "doesn't running a
shell under sudo defeat the purpose of the tool?" Yes and no. One
reason for running sudo is to limit what commands can be run by users.
These scripts do indeed defeat that purpose. But another reason to run
sudo is to maintain an audit trail of commands issued by users with root
privilege. These scripts preserve that audit trail by logging all terminal
output to log files.
Though giving a user an unrestricted root shell
allows them to evade auditing innocently (by running an xterm, for example)
or maliciously (by changing the root password, to give just one of far
too many possible examples), you may have no choice but to give your users such
a shell. This may be because they truly need the flexibility of a root
shell, or just because they think they do and can convince their managers
to let them have it. Either way, you are stuck with either losing your audit
trail or using something like this tool.
The Details
Sudoshell (also ss) is a small Perl script that works in conjunction with
a logging daemon, sudoscriptd, to log all activity within a root shell.
It uses the Unix script(1) command to create the log. Once invoked, all
console commands and output are logged to a fifo. The logging daemon reads
from this fifo and manages log files to store the data produced. The logs
are rotated to ensure that they do not overflow the disk space on the
logging partition. Sudoshell checks to see if the daemon is running and
offers to start it if it is not. (It does this with sudo, so you need
to have sudo access to perform this step.) Sudoshell then checks to see
if it has been run with root privilege, via 'sudo sudoshell' or otherwise.
If not, it reinvokes itself using sudo. The script then checks the user's
SHELL environment variable. If the value of this variable doesn't match
one of the shells listed in /etc/shells, sudoshell refuses to run. Next
the logging fifo is checked. If it exists, sudoshell runs the script command
using the fifo as the typescript. If it doesn't exist, sudoshell exits.
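The sequence just described (re-exec under sudo, validate SHELL against /etc/shells, require the logging fifo, hand the session to script(1)) plus the daemon-side log rotation that keeps the partition from filling, written out as POSIX shell functions. This is an added illustration, not sudoscript's own Perl code; the fifo path, the rotation sizes and the use of util-linux's script -f flag are assumptions, and each check is a separate function so it can be exercised on its own.

```shell
#!/bin/sh
# Added example, not code from the sudoscript distribution. Paths and
# limits below are assumptions; the real tool's defaults may differ.
SS_FIFO="${SS_FIFO:-/var/run/sudoscript/fifo}"
SS_SHELLS="${SS_SHELLS:-/etc/shells}"
SS_LOG="${SS_LOG:-/var/log/sudoscript/audit.log}"

# Return 0 if shell $1 appears as a full line of the shells file $2.
# Comment lines are ignored; an empty or unlisted SHELL is rejected, which
# is what stops SHELL from being pointed at an arbitrary program.
shell_is_allowed() {
    shell="$1"; shells_file="$2"
    [ -n "$shell" ] || return 1
    [ -r "$shells_file" ] || return 1
    grep -v '^[[:space:]]*#' "$shells_file" | grep -Fqx -e "$shell"
}

# Return 0 only if $1 is a named pipe. A regular file at the same path
# would silently swallow the session instead of feeding the daemon.
fifo_is_ready() {
    [ -p "$1" ]
}

# Re-exec under sudo unless already running as root.
ensure_root() {
    if [ "$(id -u)" -ne 0 ]; then
        exec sudo "$0" "$@"
    fi
}

# Client-side checks; non-zero return with a reason on stderr on failure.
preflight() {
    if ! shell_is_allowed "$SHELL" "$SS_SHELLS"; then
        echo "sudoshell: SHELL '$SHELL' is not listed in $SS_SHELLS" >&2
        return 2
    fi
    if ! fifo_is_ready "$SS_FIFO"; then
        echo "sudoshell: fifo $SS_FIFO missing; is sudoscriptd running?" >&2
        return 3
    fi
    return 0
}

# Daemon side: rotate $1 when it exceeds $2 bytes, keeping $3 generations
# ($1.1 is the newest old copy, $1.$3 the oldest).
rotate_log() {
    log="$1"; max_bytes="$2"; keep="$3"
    [ -f "$log" ] || return 0
    size=$(( $(wc -c < "$log") + 0 ))
    [ "$size" -gt "$max_bytes" ] || return 0
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then mv "$log.$prev" "$log.$i"; fi
        i=$prev
    done
    mv "$log" "$log.1"
}

# Daemon read loop: each open of the fifo delivers one session's typescript.
daemon_loop() {
    while :; do
        cat "$SS_FIFO" >> "$SS_LOG"
        rotate_log "$SS_LOG" 10485760 5
    done
}

main() {
    ensure_root "$@"
    preflight || exit $?
    # script(1) with the fifo as the typescript file. -f (flush after each
    # write) is util-linux's flag; BSD script spells it -F.
    exec script -f "$SS_FIFO"
}

# Only run the session when invoked as sudoshell.sh, so the functions
# can be sourced and tested without touching sudo or the fifo.
if [ "${0##*/}" = "sudoshell.sh" ]; then main "$@"; fi
```

Sourcing the file gives you the checks without starting a session; running it as sudoshell.sh reproduces the described flow end to end. The daemon loop is deliberately naive (one reader, size-based rotation) to show where the rotation hooks in, not to replace sudoscriptd.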
The Really Picky Details
I have written a paper, published in the August 2002 issue of ;login:,
that details the experiences that led up to writing sudoscript. The paper
is called "The Problem of PORCMOLSULB" and can be retrieved
here as HTML or as PDF.
The XML source, DTD and stylesheets are in the sudoscript
distribution.