Hi Admins,
I have a Security question here. We have a bunch of users ( around 25) who needs to have sudo capabilities to run some jobs. I add them in the sudoers list, once confirmed their intention.
Now im having a headache, who is accessing another persons home directory and who is changing the file permission Etc.
- Is there a way to alert the administrator once a user sudo su -
as another person ?
From my understanding an email get alerted once a person who is not in the sudoers list try to sudo su. How for the situation above.
Any advise..
Have you turned on the sudo logging facility?
Sudo logging is nice, but be sure to have it log to syslog and have it send to a central syslog server so logs are not local. Keep in mind that a malicous educated user can still disable syslog to hide his/her actions. Always grant permissions from the standpoint of giving just enough rights to get the job done. You shouldn't grant a user root if all he needs to do is stop/start a webserver...
What OS are you on? Some UNIX flavors have "unalterable" auditing capabilities built-in that can address BSM requirements.
Cheers,
Keith