Shashikant shah

Tuesday 23 July 2013

Install Sudosh in CentOS-6.2


SUDOSH CONFIGURATION

Question:-
I manage a team of Linux system administrators who look after a large number of servers remotely. These admins need root-level privileges on the servers. How can I keep track of each user's activity for audit purposes and keep a record of every command executed on a server? Please recommend an open source application for Linux.

What is Sudosh?
sudosh is a shell wrapper that logs every keystroke of a terminal session together with its output and saves it in a file whose name is generated randomly for each session. rootsh also supports logging to syslog, but that is a bad idea because a root user can simply delete the syslog file.
We will create a separate directory for the logs with restrictive permissions (mode 0733: everyone can create files in it, nobody can list it) and set the append-only attribute, so that each user can only add their own log file and nobody can read, overwrite or delete the others. Bear in mind that whoever reaches a root shell, even through sudosh itself, can run chattr -a and then delete the logs, so copy them to another host if they must survive a hostile administrator.

Install the build dependencies :-
1.yum install gcc*
2.yum install perl*
3.yum install pam-devel*
4.rpm -qa | egrep -i 'gcc|make|pam-devel'

MAKEDEV-3.23-1.2
gcc44-gfortran-4.4.0-6.el5
make-3.81-3.el5
gcc-gfortran-4.1.2-46.el5
gcc-4.1.2-46.el5
gcc-c++-4.1.2-46.el5
gcc-java-4.1.2-46.el5
libgcc-4.1.2-46.el5
compat-libgcc-296-2.96-138
gcc-objc-4.1.2-46.el5
gcc-gnat-4.1.2-46.el5
pam-devel-0.99.6.2-6.el5
gcc-objc++-4.1.2-46.el5
gcc44-4.4.0-6.el5
gcc44-c++-4.4.0-6.el

5.Install the sudosh shell :-

From source (installs the shell as /usr/local/bin/sudosh) :-

# tar xzf sudosh-1.8.2.tar.gz
# cd sudosh-1.8.2
# ./configure
# make
# make install

OR

From the RPM (installs the shell as /usr/bin/sudosh) :-

# rpm -ivh sudosh-1.8.2-2.el5.rf.i386.rpm

Use whichever path your install produced in the steps below; the examples assume the source build.

6.Create the user with sudosh as the login shell :-

# useradd -s /usr/local/bin/sudosh shashi {shashi = username}

OR

# vim /etc/default/useradd

SHELL=/usr/bin/sudosh

# useradd shashi
# passwd shashi

7.Check the user's shell :-

# grep shashi /etc/passwd

shashi:x:500:500::/home/shashi:/usr/local/bin/sudosh

The last field must be the sudosh path you actually installed (/usr/local/bin/sudosh for the source build, /usr/bin/sudosh for the RPM).

8.Register the shell path in /etc/shells :-

# vim /etc/shells
/usr/bin/sudosh
/usr/local/bin/sudosh

9.Create the log directory :-

Either let sudosh create it:

# sudosh -i

or create it by hand:

# mkdir /var/log/sudosh
# chmod 0733 /var/log/sudosh
# chattr +a /var/log/sudosh

Mode 0733 lets every user create their own log file but not list or read the directory; the append-only attribute (chattr +a, on filesystems that support it) stops files in it from being deleted or renamed.

10.Allow the admins to run sudosh as root (edit the sudoers file with visudo) :-

# visudo

User_Alias ADMINS = shashi, jk

#SUDOSH shell
Cmnd_Alias SUDOSH = /usr/local/bin/sudosh

ADMINS ALL = SUDOSH

Alias names are case-sensitive: a rule for "admins" is treated as a rule for a (non-existent) user named admins, not for the ADMINS alias. Give the admins no other root commands; any extra rule (such as ALL) lets them open an unlogged root shell and bypass sudosh entirely.

11.Start a logged root session :-
# sudo sudosh

12.List and replay the recorded sessions :-
# sudosh-replay
# sudosh-replay ID {ID taken from the list printed above}
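As an added example (not part of the original post and not sudosh's own tooling), here is a POSIX shell audit script that checks the invariants the steps above rely on: the admin's login shell is sudosh, that shell is registered in /etc/shells, the log directory is mode 0733 with the append-only attribute, and the sudoers rule grants the admin the SUDOSH alias and nothing else as root. The user name shashi, the paths and the sample file contents are taken from or constructed after the post's listings; the function names are the example's own. It runs on the constructed samples below and, as the comments show, against the live files.

```shell
#!/bin/sh
# Added audit script for the sudosh setup described above (example code, not
# part of the post or of sudosh). Every check takes file contents or command
# output as a string, so it runs here on constructed samples and on a real
# host with e.g.:
#   user_shell "$(cat /etc/passwd)" shashi
#   sudoers_ok "$(cat /etc/sudoers)" shashi
#   logdir_ok  "$(stat -c %a /var/log/sudosh)" "$(lsattr -d /var/log/sudosh)"

# Login shell of user $2 in the passwd data $1 (empty if the user is missing).
user_shell() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7 }'
}

# 0 if the shell path $2 is listed, as a whole line, in the /etc/shells data $1.
shell_registered() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

# 0 if the octal mode $1 (stat -c %a) is 733 and the lsattr -d line $2
# carries the append-only flag 'a'.
logdir_ok() {
    flags=${2%% *}
    [ "$1" = 733 ] || return 1
    case $flags in *a*) return 0 ;; esac
    return 1
}

# 0 only if, in the sudoers data $1, user $2 (directly or via a User_Alias) is
# granted the SUDOSH Cmnd_Alias and no other command. Alias names are
# case-sensitive, so "admins ALL=SUDOSH" is a rule for a user named admins,
# not for ADMINS, and any extra command (such as ALL) is an unlogged bypass.
sudoers_ok() {
    printf '%s\n' "$1" | awk -v u="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "User_Alias" {
            n = $0; sub(/^[ \t]*User_Alias[ \t]*/, "", n)
            eq = index(n, "="); name = substr(n, 1, eq - 1); members = substr(n, eq + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", members)
            cnt = split(members, m, ",")
            for (i = 1; i <= cnt; i++) if (m[i] == u) alias = name
            next
        }
        $1 == "Cmnd_Alias" { if ($0 ~ /Cmnd_Alias[ \t]*SUDOSH[ \t]*=/) have_cmnd = 1; next }
        $1 ~ /_Alias$/ || $1 == "Defaults" { next }
        $1 == u || (alias != "" && $1 == alias) {
            rhs = substr($0, index($0, "=") + 1)
            sub(/\([^)]*\)/, "", rhs)      # drop the (runas) part
            gsub(/[A-Z]+:/, "", rhs)        # drop tags such as NOPASSWD:
            gsub(/[ \t]/, "", rhs)
            cnt = split(rhs, c, ",")
            for (i = 1; i <= cnt; i++) { if (c[i] == "SUDOSH") good = 1; else bad = 1 }
        }
        END { if (have_cmnd && good && !bad) exit 0; exit 1 }'
}

# Constructed sample data modelled on the post's listings.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
shashi:x:500:500::/home/shashi:/usr/local/bin/sudosh'
SAMPLE_SHELLS='/bin/sh
/bin/bash
/usr/local/bin/sudosh'
SAMPLE_LSATTR='-----a-------e-- /var/log/sudosh'
SAMPLE_SUDOERS_AS_POSTED='User_Alias ADMINS = shashi, jk
#SUDOSH shell
Cmnd_Alias SUDOSH = /usr/local/bin/sudosh
admins ALL=SUDOSH'
SAMPLE_SUDOERS_FIXED='User_Alias ADMINS = shashi, jk
Cmnd_Alias SUDOSH = /usr/local/bin/sudosh
ADMINS ALL = SUDOSH'
SAMPLE_SUDOERS_BYPASS="$SAMPLE_SUDOERS_FIXED
shashi ALL=(ALL) ALL"

report() {  # $1 = label, rest = check command; prints PASS/FAIL without aborting
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

report "login shell is sudosh"          test "$(user_shell "$SAMPLE_PASSWD" shashi)" = /usr/local/bin/sudosh
report "shell listed in /etc/shells"    shell_registered "$SAMPLE_SHELLS" /usr/local/bin/sudosh
report "log dir is 0733 + append-only"  logdir_ok 733 "$SAMPLE_LSATTR"
report "sudoers as posted (alias case)" sudoers_ok "$SAMPLE_SUDOERS_AS_POSTED" shashi   # FAIL expected
report "sudoers with ADMINS fixed"      sudoers_ok "$SAMPLE_SUDOERS_FIXED" shashi
report "sudoers plus an extra ALL rule" sudoers_ok "$SAMPLE_SUDOERS_BYPASS" shashi      # FAIL expected
```

The sudoers check deliberately fails on the rule exactly as it appeared in the post (lower-case "admins") and on a configuration that adds a second, unrestricted root rule, since either leaves the admin a way around the keystroke log.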

4 comments:

  1. Hi, thank you for writing this article.

    However I am stuck at:
    9.Create a log directory :-

    # sudosh -i

    sudosh command throws
    -bash: /usr/local/bin/sudosh: cannot execute binary file


    Any ideas why ?

    I am using sudosh 1.8.2 on CentOS 6.

    1. Hi,

      sudosh is not installed properly.

      1. In which path is the sudosh shell installed?

      2. Add the sudosh shell path to the /etc/shells file.

      3. Run sudosh -i.
