
Re: [SAGE] Re: Official sudosh announcement



Hi All,

Thanks for all of the good feedback.

Regardless of syslog's shortcomings, one of the most important things
about it is that syslog is portable.  It works on Linux, BSD, AIX,
Solaris, HPUX, and many others.  Syslog provides me a standard API and
it also timestamps my logs.  This allows me to use sudosh on a great
number of platforms instead of just Linux, which is common with open
source tools.

I do not claim that syslog is secure or highly dependent, but what it
does is provide a better mechanism than shell history itself to keep
track of a root shell.

SOX is a funny animal.  Most people don't understand it.  Most people
have read it, what little there is.  Some people have worked with PWC
contractors and have a better insight as to the requirements.  Some
people have already gone through audits and have a very good idea of
what they're looking for.  I've been through all the stages.

At this point in time sudosh is working for SOX requirements.  It's
providing the base requirements that you need to be accountable.  I
can do so with the timestamps and multiple copies of my syslog.

Even when I submit the sudo patch into the main trunk it will still
use syslog, just as sudo itself does.  This isn't a problem with
sudosh or sudo.  It's a problem with the way the local administrator
performs logging.  If you want better logging I suggest you use
syslog-ng + SSL + stunnel + TCP + hosts.deny|allow.