Recipe 5.17 Logging sudo Remotely

5.17.1 Problem

You want your sudo logs kept off-host to prevent tampering or interference.

5.17.2 Solution

Use syslog 's @otherhost syntax: [Recipe 9.29]

/etc/syslog.conf: authpriv.*         @securehost

5.17.3 Discussion

Remember that the remote host's syslogd needs must be invoked with the -r flag to receive remote messages. Make sure your remote host doesn't share root privileges with the sudo host, or else this offhost logging is pointless.

5.17.4 See Also

syslog.conf(5), syslogd(8).



Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net