[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] -m

To: Doug Hanks <dhanks@gmail.com>
Subject: Re: [SAGE] -m
From: Cat Okita <cat@reptiles.org>
Date: Fri, 1 Oct 2004 13:21:09 -0400 (EDT)
cc: adamm@menlo.com, SAGE Members <sage-members@usenix.org>
In-Reply-To: <82a71f8a04100110094ceed73b@mail.gmail.com>
Sender: owner-sage-members@usenix.org

On Fri, 1 Oct 2004, Doug Hanks wrote:
> Regarding your poor attitude:  you could be a very intelligent
> individual, but when you do not know how to socially interact and
> riddle your responses with personal insults, people such as myself are
> blind to your logic.

Uh, Doug? Are you having a bad day?  You seem to be reading things into
both Bill and Adam's responses that just aren't there - and it doesn't
improve your credibility when you attack others for no apparent reason.

> I did not claim syslog was "secure."  I said that sudosh uses syslog
> to log the input and output of a root shell and apply timestamps.
>
> If you do not like syslog logging, please feel free to submit a sudosh
> patch using another logging mechanism.
>
> I understand how syslog works, i've read all of the source code for
> it.  I also know it can be tampered with, just like anything else;
> which goes back to my original question:  what would you recommend
> that would provide better logging (that is somewhat standard on all
> UNIX flavours) besides syslog?

The basic problem that everybody's been addressing here is your
suggestion that the combination of sudosh and syslog meets SOX
compliance - which really doesn't seem to be the case.

We all agree that you've got a neat tool in terms of tracking what users
are actually doing once they procure a shell from sudo - it's the degree
to which it'll protect our patootsies from lawsuits that's in question.

I'd suggest that the site http://loganalysis.org [run by our very own
Tina Bird and Marcus Ranum] would be an excellent starting place to
find more information about logging in general, and improved secure
logging solutions in specific.  There's a pile of syslog replacements
listed at:

  http://loganalysis.org/sections/syslog/syslog-replacements/index.html

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

Follow-Ups:
- Re: [SAGE] Re: Official sudosh announcement
  - From: Chris Zappala <cmd@theworld.com>

References:
- Re: [SAGE] -m
  - From: Doug Hanks <dhanks@gmail.com>

Prev by Date: [SAGE] How did that "-m" get there?
Next by Date: Re: [SAGE] Re: Official sudosh announcement
Prev by thread: Re: [SAGE] -m
Next by thread: Re: [SAGE] Re: Official sudosh announcement
Index(es):
- Date
- Thread