FreeBSD Manual Pages
SUDOSCRIPT(8) User Contributed Perl Documentation SUDOSCRIPT(8) NAME sudoscript -a system for audited shells with sudo(8) and script(1) DESCRIPTION "sudoscript" is a system that audits a shell run under sudo(8) It does this using the venerable unix command script(1) The system consists of two Perl scripts and one Perl module.. The front-end script is called sudoshell(1) (also ss(1)). The backend script is sudoscriptd(8). The Perl module is "Sudoscript(3pm)". Each of these have their own man pages which it would be well for a system administrator to read before implementing "sudoscript". This manpage describes where to get more information about sudoscript. DOCUMENTATION "sudoscript" comes with some documentation that is helpful for system administrators who are deploying the system. On Linux, this documenta- tion is in /usr/share/doc/sudoscript-${VERSION}. On all other platforms the documentation is in /usr/local/doc/sudoscript-${VERSION}. In each case, "${VERSION}" is replaced with the version of sudoscript. SECURITY Especially when enabling a root shell, "sudoscript" cannot prevent a user from evading the the audit trail it provides. This is true even if the user is not root. The file SECURITY in the distribution and in the documentation directory describes this in detail. It should be manda- tory reading before any attempt is made to deploy "sudoscript". INSTALLATION The steps required to install sudoscript are documented in the INSTALL file in the distribution and in the documentation directory. CONFIGURATION Given some configuration of the sudoers(5) file, "sudoscript" can en- able a root shell, or a shell as some other user. The details of how to go about this are in the file SUDOCONFIG in the distribution, and in the documentation directory. README A description of sudoscript that goes into more detail than this man page can be found in the README file in the distribution, and in the documentation directory. PORCMOLSULB The paper "The Problem of PORCMOLSULB: Can Root be Controlled in Engi- neering Environments?" is included in the distribution, and in the doc- umentation directory. This paper describes the events that lead up to writing "sudoscript", and gives some idea of why I consider the system useful. PORTING Some thoughts about how to go about porting "sudoscript" to a new Unix platform are given in the PORTING file in the distribution and in the documentation directory. WEB SITE The "sudoscript" web site is at "http://www.egbok.com/sudoscript". New versions are released there first, before they hit sourceforge or freshmeat. PLATFORMS "sudoscript" currently runs on the following platforms: "Linux" Tested on Red Hat 6.2 through 9, and Debian Woody. "Solaris" Latest version tested on Solaris 9/Intel. Earlier versions were tested on Solaris 7 and 8/Sparc and Solaris 8/Intel. "FreeBSD" Tested on FreeBSD 4.3 "OpenBSD" Tested on version 3.3 "HP-UX" Tested on version 11 by Donny Jekels. SEE ALSO sudoscriptd(8) sudoshell(1) Sudoscript(3pm) sudo(8) sudoers(5) http://www.egbok.com/sudoscript AUTHOR Howard Owen, <hbo@egbok.com> COPYRIGHT AND LICENSE Copyright 2003 by Howard Owen sudoscript is free software; you can redistribute it and/or modify it under the same terms as Perl itself. "The Problem of PORCMOLSULB" was orginally published in the August 2002 issue of ;login. The paper is distributed under a Creative Commons li- cense, which may be viewed at <http://creativecommons.org/li- censes/by-sa/1.0/>. perl v5.8.0 2003-06-13 SUDOSCRIPT(8)
NAME | DESCRIPTION | DOCUMENTATION | PLATFORMS | SEE ALSO | AUTHOR | COPYRIGHT AND LICENSE
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sudoscript&sektion=8&manpath=FreeBSD+Ports+15.0>