GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  SUDOSCRIPT (8)

NAME

sudoscript -a system for audited shells with sudo(8) and script(1)

CONTENTS

DESCRIPTION

sudoscript is a system that audits a shell run under sudo(8) It does this using the venerable unix command script(1) The system consists of two Perl scripts and one Perl module.. The front-end script is called sudoshell(1) (also ss(1)). The backend script is sudoscriptd(8). The Perl module is Sudoscript(3pm). Each of these have their own man pages which it would be well for a system administrator to read before implementing sudoscript. This manpage describes where to get more information about sudoscript.

DOCUMENTATION

sudoscript comes with some documentation that is helpful for system administrators who are deploying the system. On Linux, this documentation is in /usr/share/doc/sudoscript-${VERSION}. On all other platforms the documentation is in /usr/local/doc/sudoscript-${VERSION}. In each case, ${VERSION} is replaced with the version of sudoscript.

SECURITY

Especially when enabling a root shell, sudoscript cannot prevent a user from evading the the audit trail it provides. This is true even if the user is not root. The file SECURITY in the distribution and in the documentation directory describes this in detail. It should be mandatory reading before any attempt is made to deploy sudoscript.

INSTALLATION

The steps required to install sudoscript are documented in the INSTALL file in the distribution and in the documentation directory.

CONFIGURATION

Given some configuration of the sudoers(5) file, sudoscript can enable a root shell, or a shell as some other user. The details of how to go about this are in the file SUDOCONFIG in the distribution, and in the documentation directory.

README

A description of sudoscript that goes into more detail than this man page can be found in the README file in the distribution, and in the documentation directory.

PORCMOLSULB

The paper The Problem of PORCMOLSULB: Can Root be Controlled in Engineering Environments? is included in the distribution, and in the documentation directory. This paper describes the events that lead up to writing sudoscript, and gives some idea of why I consider the system useful.

PORTING

Some thoughts about how to go about porting sudoscript to a new Unix platform are given in the PORTING file in the distribution and in the documentation directory.

WEB SITE

The sudoscript web site is at http://www.egbok.com/sudoscript. New versions are released there first, before they hit sourceforge or freshmeat.

PLATFORMS

sudoscript currently runs on the following platforms:
Linux Tested on Red Hat 6.2 through 9, and Debian Woody.
Solaris Latest version tested on Solaris 9/Intel. Earlier versions were tested on Solaris 7 and 8/Sparc and Solaris 8/Intel.
FreeBSD Tested on FreeBSD 4.3
OpenBSD Tested on version 3.3
HP-UX Tested on version 11 by Donny Jekels.

SEE ALSO

sudoscriptd(8)

sudoshell(1)

Sudoscript(3pm)

sudo(8)

sudoers(5)

http://www.egbok.com/sudoscript

AUTHOR

Howard Owen, <hbo@egbok.com>

COPYRIGHT AND LICENSE

Copyright 2003 by Howard Owen

sudoscript is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The Problem of PORCMOLSULB was orginally published in the August 2002 issue of ;login. The paper is distributed under a Creative Commons license, which may be viewed at <http://creativecommons.org/licenses/by-sa/1.0/>.

Search for    or go to Top of page |  Section 8 |  Main Index


perl v5.8.0 SUDOSCRIPT (8) 2003-06-13

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.