NAME
sudoscript - a system for audited shells with sudo(8) and script(1)
DESCRIPTION
sudoscript is a system that audits a shell run under sudo(8). It does this using the venerable Unix command script(1). The system consists of two Perl scripts and one Perl module. The front-end script is called sudoshell(1) (also ss(1)). The back-end script is sudoscriptd(8). The Perl module is Sudoscript(3pm). Each of these has its own man page, which a system administrator would do well to read before implementing sudoscript.

This man page describes where to get more information about sudoscript.
sudoscript comes with some documentation that is helpful for system administrators who are deploying the system. On Linux, this documentation is in /usr/share/doc/sudoscript-${VERSION}. On all other platforms the documentation is in /usr/local/doc/sudoscript-${VERSION}. In each case, "${VERSION}" is replaced with the version of sudoscript.
Especially when enabling a root shell, sudoscript cannot prevent a user from evading the audit trail it provides. This is true even if the user is not root. The file SECURITY in the distribution and in the documentation directory describes this in detail. It should be mandatory reading before any attempt is made to deploy sudoscript.
The steps required to install sudoscript are documented in the INSTALL file in the distribution and in the documentation directory.
Given some configuration of the sudoers(5) file, sudoscript can enable a root shell, or a shell as some other user. The details of how to go about this are in the file SUDOCONFIG in the distribution, and in the documentation directory.
A description of sudoscript that goes into more detail than this man page can be found in the README file in the distribution, and in the documentation directory.
The paper "The Problem of PORCMOLSULB: Can Root be Controlled in Engineering Environments?" is included in the distribution, and in the documentation directory. This paper describes the events that led up to writing sudoscript, and gives some idea of why I consider the system useful.
Some thoughts about how to go about porting sudoscript to a new Unix platform are given in the PORTING file in the distribution and in the documentation directory.
The sudoscript web site is at http://www.egbok.com/sudoscript. New versions are released there first, before they hit SourceForge or Freshmeat.
sudoscript currently runs on the following platforms:
    Linux
    Solaris
    FreeBSD
    OpenBSD
    HP-UX
SEE ALSO
sudoscriptd(8), sudoshell(1), Sudoscript(3pm), sudo(8), sudoers(5)
http://www.egbok.com/sudoscript
AUTHOR
Howard Owen, <hbo@egbok.com>

COPYRIGHT
Copyright 2003 by Howard Owen

sudoscript is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

"The Problem of PORCMOLSULB" was originally published in the August 2002 issue of ;login. The paper is distributed under a Creative Commons license, which may be viewed at http://creativecommons.org/licenses/by-sa/1.0/.