Save sudo logs on a remote computer

Collection Point

Client Configuration for Secure Data Transmission

To tell the client which system should receive the sudo logs, use visudo to add the following statements to the sudoers file:

Defaults log_servers=<IP address>:30344(tls)
Defaults log_server_cabundle=/etc/pki/tls/cert.pem

Replace <IP address> with the IP address of the system on which you just set up the sudo_logsrvd service. From now on, the client's sudo session logs will end up on the central logging system. A call to sudoreplay -l on that system should confirm this.
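
The following Python sketch is an added example, not code from the article or the sudo project. It audits sudoers text for the settings shown above, flagging log_servers entries without the (tls) flag and a disabled server certificate check. The sample lines and 192.0.2.x addresses are constructed; the host[:port][(tls)] form and the log_server_verify option come from the sudoers manual, and the parser assumes one global Defaults setting per line, as in the statements above.

```python
import re

# Constructed sample sudoers lines (192.0.2.x are documentation addresses).
SAMPLE = """\
Defaults log_servers="192.0.2.10:30344(tls) 192.0.2.11:30343"
Defaults log_server_cabundle=/etc/pki/tls/cert.pem
Defaults !log_server_verify
"""
# host[:port][(tls)] per sudoers(5); the host may be a bracketed IPv6 address.
SERVER_RE = re.compile(r"^(\[[^\]]+\]|[^:()\s]+)(?::([^()\s]+))?(\(tls\))?$")


def parse_defaults(text):
    """Map global 'Defaults' settings (one per line) to values; flags become bools."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"Defaults\s+(\S.*)$", line.split("#", 1)[0].strip())
        if m:
            key, eq, value = m.group(1).partition("=")
            if eq:
                opts[key.strip()] = value.strip().strip('"')
            else:
                opts[key.lstrip("!").strip()] = not key.startswith("!")
    return opts


def audit(text):
    """Return findings about the remote-logging settings in sudoers text."""
    opts = parse_defaults(text)
    servers = str(opts.get("log_servers", "")).split()
    if not servers:
        return ["log_servers not set: I/O logs are not sent to a log server"]
    findings, uses_tls = [], False
    for entry in servers:
        m = SERVER_RE.match(entry)
        if not m:
            findings.append(f"{entry}: not in host[:port][(tls)] form")
        elif not m.group(3):
            findings.append(f"{entry}: no (tls) flag, connection is plaintext")
        else:
            uses_tls = True
    if uses_tls and "log_server_cabundle" not in opts:
        findings.append("log_server_cabundle not set: check which CA store is used")
    if uses_tls and opts.get("log_server_verify") is False:
        findings.append("log_server_verify disabled: server certificate not validated")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```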

Conclusions

Starting with version 1.9, sudo can store I/O logs on remote systems. The new sudo_logsrvd service exists for this purpose, and it can communicate with clients over a secure TLS channel. To structure the data to be transmitted, sudo uses Google's Protocol Buffer Language [4].

Infos

  1. New features in sudo version 1.9.0: https://www.sudo.ws/stable.html#1.9.0
  2. sudo source code: https://github.com/sudo-project/sudo
  3. sudo download: https://www.sudo.ws/download.html
  4. Google Protocol Buffer Language: https://developers.google.com/protocol-buffers/docs/overview
