Home Sudosh2 Server Auditing How To Configure Sudosh2

How to Configure Sudosh2

First You Have to get the Package to install. ( Download Sudosh2 Links)

Sudosh2 should compile and install easily on most Unix like systems. It is developed on Ubuntu, and my personal usage is a mix of Red Hat Enterprise, Gentoo, and Solaris. Sudosh2 has been compiled with gcc as old as 2.95.2, and does not rely on external libraries other than your libc.

The simplest case for installing sudosh2 would look like this:

tar jxf sudosh2-[version].tar.bz2
cd sudosh2-[version]
./configure
make
sudo make install

How To Configure Sudosh2

Once installed, sudosh2 is very easy to configure.
Here is a sample default configuration for Sudosh2 located in /etc/sudosh2.conf:

 # Sudosh Configuration File
logdir                  = /var/log/sudosh
default shell           = /bin/sh
delimiter               = -
syslog.priority         = LOG_INFO
syslog.facility	       = LOG_LOCAL2
clearenvironment   = yes 
# Allow Sudosh to execute -c arguements?  If so, what?
-c arg allow = scp
-c arg allow = rsync

A quick breakdown of the possible options:

Logidr:

This is where your session logs will be stored. Sudosh2 will create the dir if it does not exist, and will maintain the proper permissions on it as well.

Default shell:

fallback value for shell to execute if preferred shell is invalid or getusershell() does not exist

Delimiter:

Seperator for fields in session record filenames

Syslog.priority/syslog.facility:

Specify the syslog channel for sudosh2. Consult your syslog man page for acceptable values no your system. Syslog priority is also referred to as Level on some systems.

Clear environment:

By default, sudosh will clear any environment variables, keeping them from carrying through from the previous shell. If you would rather it not do this, set clearenvironment to no.

-C arg allow:

This value is used when sudosh2 is set as a user's login shell. Any values you have set in this variable are acceptable commands to be executed non-interactively, such as sftp, scp, cvs, etc. Note that this must be the exact command, for example my Ubuntu system calls sftp as "/usr/lib/openssh/sftp-server". Failed commands are sent to syslog. When run in non-interactive mode, sudosh2 will filter out any output redirection or process control.

 

Want to learn more uses for Sudosh2?

 

By A Website Design

Quick Contact:
How may we help you?






Copyright © 2010. Shortcut Solutions St. Louis based Email Marketing and Web Hosting.
All Rights Reserved.

Designed by Shortcut Solutions.Net.