Redirect sudo logging
Authored by: ChrisAllison on Jun 01, '05 05:05:50PM
Another sudo config that is a good idea is redirecting sudo's logging. Add the following to /etc/sudoers (as stated above, please edit this file with visudo; there is good reason to do so, and no reason not to):
Defaults:ALL    !syslog
Defaults:ALL    logfile=/var/log/secure.log
The above redirects sudo logs to /var/log/secure.log (rather than the default, /var/log/system.log), which can only be read using sudo/by root, as opposed to /var/log/system.log, which can be read (without sudo) by anyone in the admin group.

Changing logging will ensure that if you don't set timestamp_timeout to 0, malicious applications can't monitor system.log to see when a sudo session is authenticated (to try and piggy-back onto it).
A good write-up of this can be found at http://adbas.net/OSX_Vuln.txt (I have no connection with this site).

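A check for the settings described in the comment above, as an added example that is not part of the original post: it confirms that a sudoers file disables syslog, names a log file, and that the log file is not readable by group or other. The function names are hypothetical, and the parsing assumes simple Defaults lines without line continuations.

```shell
#!/bin/sh
# Added example (not from the original comment): audit sudoers logging settings.
# Function names are hypothetical. Handles simple Defaults lines, no continuations.

# Print the last value given for a Defaults setting, or nothing if unset.
sudoers_setting() {   # $1 = sudoers file, $2 = setting name
    sed -n "s/^[[:space:]]*Defaults[^#]*[[:space:],]$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\",[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# True when some Defaults line carries !syslog.
syslog_disabled() {   # $1 = sudoers file
    grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]!syslog([[:space:],]|$)' "$1"
}

# True when the group or other permission bits allow reading the file.
readable_beyond_owner() {   # $1 = path
    perms=$(ls -ld "$1" | cut -c5-10)   # e.g. "r-----" for mode 640
    case $perms in *r*) return 0 ;; *) return 1 ;; esac
}

# Print findings; the return status is the number of warnings.
audit_sudo_logging() {   # $1 = sudoers file
    issues=0
    syslog_disabled "$1" || {
        echo "WARN: !syslog not set, sudo may still log via syslog"
        issues=$((issues + 1))
    }
    log=$(sudoers_setting "$1" logfile)
    if [ -z "$log" ]; then
        echo "WARN: no logfile= default set"
        issues=$((issues + 1))
    elif [ -e "$log" ] && readable_beyond_owner "$log"; then
        echo "WARN: $log is readable by group or other"
        issues=$((issues + 1))
    fi
    tmo=$(sudoers_setting "$1" timestamp_timeout)
    [ "$tmo" = 0 ] || echo "NOTE: timestamp_timeout is ${tmo:-unset, sudo default applies}"
    return "$issues"
}

# Constructed sample: the two lines from the comment, log path moved to a temp dir.
demo=$(mktemp -d)
printf 'Defaults:ALL    !syslog\nDefaults:ALL    logfile=%s/secure.log\n' "$demo" > "$demo/sudoers"
: > "$demo/secure.log"
chmod 600 "$demo/secure.log"
audit_sudo_logging "$demo/sudoers" && echo "OK: sudo logging is redirected"
rm -rf "$demo"
```

To audit a live configuration, call audit_sudo_logging /etc/sudoers from a root shell, since the file is not readable otherwise.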