Securing the sudo to sudo_logsrvd connection
Using sudo_logsrvd to centrally collect sudo session recordings from your network is a huge step forward in security: users cannot delete or modify session recordings locally. However, by default, transmission of recordings is not encrypted, making it open to modifications and eavesdropping. Encrypting the connection between sudo and sudo_logsrvd can eliminate these problems. Larger environments usually either have in-house PKI tooling in place, or colleagues who know all openssl options off the top of their heads.
... ➦New in 1.9.7: using sudo_logsrvd in relay mode
Relay mode was introduced to sudo_logsrvd in sudo version 1.9.7. But, first of all, what is sudo_logsrvd? It is the sudo recording service that allows you to collect sudo session recordings centrally. Using relay mode makes it possible to collect sudo session recordings even when the central service is inaccessible and provides you with a single exit point from your network.
In this blog you will learn why relay mode is important and how you can test it.
... ➦Analyzing your sudo session recordings with One Identity's SPS
Sudo is an open source application allowing you to execute commands as another user. Safeguard for Privileged Sessions (SPS) by One Identity is commercial software that allows you to control, monitor and record privileged access. Starting with the upcoming SPS version 6.10 you will be able to collect and analyze sudo session recordings in SPS.
Overview Session (I/O log) recording has been present in sudo for quite some time, but recordings were only saved locally.
... ➦Alerting to many different services using Python and sudo 1.9
Before version 1.9 was released, alterting in sudo was limited to e-mail messages. If you wanted to send alerts somewhere else, like Slack, you could only do this using external applications, like syslog-ng. Beginning with sudo 1.9, there is an Audit API that can be called from Python.
Previously, we provided you with a simple example that show how to print some debug information to the terminal. In this blog post we will extend that example with Apprise, a universal Python notification library.
... ➦Fuzz testing sudo
Version 1.9.6 of sudo was released recently. This is primarily a bug fix release with almost no user visible changes. One of the changes visible to developers is that support for fuzz testing was added. What is fuzz testing? According to the Wikipedia: “Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
... ➦Sudo on OpenBSD, DragonFlyBSD and NetBSD
My FOSDEM talk in the BSD devroom showcased what is new in sudo and syslog-ng and explained how to install or compile the software yourself on FreeBSD. I am a long-time FreeBSD user, started with version 1.0 in 1994. But soon after my talk I was asked what I know about the other BSDs. I knew that all BSDs have sudo in their ports system, but had no idea what shape those ports were in.
... ➦Sudo on FreeBSD
While FreeBSD does not install sudo as part of the base system, you can easily install it yourself. If you do not need anything more than basic functionality, you can install the binary package using the pkg command. Most users belong to this group. If you need advanced functionality, like Python support, you will have to compile sudo yourself from ports.
Are you surprised by the mention of basic and advanced functionality for sudo?
... ➦Sudo 1.9.4: new options for logging
While most of the changes in sudo version 1.9.4 are under the hood, there are some user-visible changes as well. Locating problems in the sudoers file became even easier as the column number is now also displayed when an error is found. There are also two logging related changes. Sudo_logsrvd, the service that collects session recordings centrally, can now also collect rejection log messages, not just information about successful sessions. It is now also possible to log events in JSON format.
... ➦Sudo 1.9.3: improved sudoers handling
Version 1.9.3 brought many improvements to how the sudoers file is handled. Zero-length files are not saved by sudoedit, in many cases error messages are more accurate, and sudo no longer refuses to run if there is a syntax error. Let’s take a more detailed look at these changes!
Before you begin These new features were introduced in sudo version 1.9.3. There is a good chance that your operating system includes an older version of sudo.
... ➦Using chroot and cwd in sudo
Starting with sudo 1.9.3, you can change both the root and the working directories within sudo itself. Neither option is enabled by default–you need to explicitly enable them in the sudoers file. When enabled, you can fine-tune target directories or allow your users to specify the directory to use. The logs reflect when these settings have been used.
Before you begin These new features were introduced in sudo version 1.