
Re: [SAGE] Re: Official sudosh announcement



On Fri, 1 Oct 2004, Doug Hanks wrote:
> Thanks for the feedback.  I'll just ignore your attitude, because I
> know it runs rampant in the technical community.
>
> sudosh provides accountability through syslog.  Nothing else out there does.

I think that you're missing Bill's point.  He's pointing out that your
tool is a valuable addition, but that there are issues with a blanket
statement that your tool meets the SOX accountability requirements.

The scenario that you present seems to presume that syslog records are
kept on the local box, as well as on the central logging host, and
that the arrival of the syslog messages is guaranteed.  Neither of these
presumptions is accurate under many circumstances.  Standard syslog,
as I'm sure you know, is UDP.

> If you wanted to modify the output you would have to do so on at least
> 2 servers and get the formatting right.  Not to mention you would have
> to explain the syslog gap on the loghost that covers the amount of
> time you took to perform the work, unless you scripted it.

This isn't nearly as difficult as you seem to believe.

> Point being that sudosh is identical to sudo -s, except your stuff
> goes to syslog.  I also suggest you send the syslog to central or
> distributed loghosts.

... which is a neat tool, yes.  It simply doesn't meet the accountability
requirements for SOX as a standalone piece.  A help, certainly.  An
answer? No.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."