Sudo 1.9 is now feature complete. One of the new features is Python support, meaning that you can easily extend sudo functionality using Python scripts. It supports the very same APIs as the regular C plugin API, only the language is different. One of the more interesting APIs is the IO logging API, which provides access to terminal data in real-time, both input and output. This way you can check if a sudo user is accessing data that he should not, or analyze the commands entered and terminate a session before a disaster occurs. In this blog you will find two simple examples for the above use cases. Both are over simplified but functional. You can use them to test out the new functionality, or as a basis for your own code.

Version 1.9 of sudo is now feature complete: all major features are implemented. On the other hand, sudo 1.9 needs testing and a bit of polishing before it can be made generally available. This is where you can help. Testing is easy, as for most platforms the project provides ready-to-install packages. In this blog I will show you how to test the recording service.

• For an overview of 1.9 features see What is coming up in sudo 1.9?
• To get started with Python support in sudo, including compile instructions, see What’s new in sudo 1.9: Python

The recording service collects session recordings centrally, which offers many advantages compared to local storage:

One of the most interesting new features of the upcoming sudo version 1.9 is Python support. While version 1.8 introduced plugin support, Python support means that you can extend sudo using the same APIs but write plugins in Python instead of C. Version 1.9 is still under development but you are encouraged to test it and provide feedback about your experiences. From this blog, you can learn how to install ready to use beta quality packages from the sudo website, how to compile it yourself (on CentOS) and how to test Python support using a very simple example script.

I guess it is not an overstatement to say that many interesting new features are coming to sudo in version 1.9. On the other hand, most sudo users are still only aware of its basic functionality. In this blog I would like to draw your attention to my Opensource.com article, which describes some lesser known features of sudo. Finally, I will point you to four upcoming conference talks about different aspects of sudo.

This blog helps you to get started with configuring sudo and learn how to avoid the most common mistakes. But the title “getting started with sudo” sounds a lot less interesting :-) Based on responses to my talks, one of the most popular configuration option of sudo is insults. You should not think about anything serious here: just some funny messages when a user mistypes a password. But as some users find these messages inappropriate, these are now disabled by default, but can be enabled. In this blog I’ll show you how to configure sudo’s insults and how to enable (or disable) them for a set of users.

After I finish a talk on sudo at a conference, I usually receive quite a few questions. Many of the answers I gave earlier were already included in the latest version of my sudo talk. The following is a collection of questions and answers from different conferences.

Right now the insult messages are hard-coded. There are plans to use an external file for them, but obviously this change is not high on the TODO list.

If there is one utility installed on almost all Linux/UNIX systems, it is sudo. Still, most sudo users – including myself until a year ago – only know this app as the prefix for administrative commands and using the default configuration. By the end of this blog you will know that it is a lot more. After a brief introduction to sudo you can learn a number of lesser know sudo features: digest check, configuration in LDAP, session recording, extensive logging and even plugins The current blog just introduces you to these features, in later blogs you can learn about them in depth.

Learn about What You Most Likely Did Not Know About Sudo… at this year’s All Things Open conference.

If you have not heard about it yet, All Things Open is one of the largest open source events on the US East Coast. This year the conference is October 13-15, in the area known as the Research Triangle. People from all aspects of open source participate: users, developers, decision makers and as the name of the area implies, many people from research.

Let me tell you a personal story, how this blog was born.

First a bit of introduction. I am Peter Czanik, working for the past nine years as syslog-ng evangelist at Balabit. Obviously I also deal with the commercial variant, but my focus is Open Source. That is one of the reasons why I was very happy to learn that Todd Miller, developer of the sudo application, became my colleague when Balabit was acquired by One Identity last year.