In previous webinars, Randy Franklin Smith has shown us how to control privileged authority in Linux and UNIX. With sudo you can give admins the authority they need without giving away root, avoiding the security risks and compliance problems that doing so causes. But once you carefully delegate limited, privileged authority with sudo, you still need an audit trail of what admins are doing. A privileged user audit trail is irreplaceable as a deterrent and detective control over admins and as a means of implementing basic accountability. But in today’s environment of advanced and persistent attackers, you also need the ability to actively monitor privileged user activity for quick detection of suspicious events.

Security expert Randy Franklin Smith will dive into the logging capabilities of sudo. Sudo provides event auditing for tracking command execution by sudoers, covering successful and denied sudo requests as well as errors. Randy shows you how to enable sudo auditing, how to control where it’s logged and whether syslog is used and, more importantly, what sudo logs look like and how to interpret them.

But sudo also offers session auditing (aka the iolog) which allows you to capture entire sudo sessions including both input and output of commands executed through sudo whether in an interactive shell or via script. Randy demonstrates how to configure sudo session logging and how to view recorded sessions with sudoreplay.

After Randy presents, Paul Harper from BeyondTrust shows you how PowerBroker UNIX & Linux builds on sudo’s audit capabilities.

Randy Franklin Smith

Microsoft MVP & Windows Security Expert, and CEO at Monterey Technology Group, Inc.

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies and national and international organizations.

Randy Franklin Smith began his career in information technology in the 1980s, developing software for a variety of companies. During the early 1990s, he led a business process re-engineering effort for a multinational organization and designed several mission-critical, object-oriented, client/server systems. As the Internet and Windows NT took off, Randy focused on security and led his employer's information security planning team. In 1997, he formed Monterey Technology Group, Inc., where he serves as President.

Certifications

  • Certified Information Systems Auditor (CISA)
  • Microsoft Security Most Valuable Professional (MVP)
  • Systems Security Certified Professional (SSCP)

Industry Memberships

  • Information Systems Security Association (ISSA)
  • Information Systems Audit and Control Association (ISACA)
  • Center for Internet Security (CIS)