Recipe 5.17 Logging sudo Remotely

5.17.1 Problem

You want your sudo logs kept off-host to prevent tampering or interference.

5.17.2 Solution

Use syslog 's @otherhost syntax: [Recipe 9.29]

/etc/syslog.conf:
authpriv.*         @securehost

5.17.3 Discussion

Remember that the remote host's syslogd needs must be invoked with the -r flag to receive remote messages. Make sure your remote host doesn't share root privileges with the sudo host, or else this offhost logging is pointless.

5.17.4 See Also

syslog.conf(5), syslogd(8).

Chapter 1. System Snapshots with Tripwire

Chapter 2. Firewalls with iptables and ipchains

Chapter 3. Network Access Control

Chapter 4. Authentication Techniques and Infrastructures

Chapter 5. Authorization Controls

Recipe 5.1 Running a root Login Shell

Recipe 5.2 Running X Programs as root

Recipe 5.3 Running Commands as Another User via sudo

Recipe 5.4 Bypassing Password Authentication in sudo

Recipe 5.5 Forcing Password Authentication in sudo

Recipe 5.6 Authorizing per Host in sudo

Recipe 5.7 Granting Privileges to a Group via sudo

Recipe 5.8 Running Any Program in a Directory via sudo

Recipe 5.9 Prohibiting Command Arguments with sudo

Recipe 5.10 Sharing Files Using Groups

Recipe 5.11 Permitting Read-Only Access to a Shared File via sudo

Recipe 5.12 Authorizing Password Changes via sudo

Recipe 5.13 Starting/Stopping Daemons via sudo

Recipe 5.14 Restricting root's Abilities via sudo

Recipe 5.15 Killing Processes via sudo

Recipe 5.16 Listing sudo Invocations

Recipe 5.17 Logging sudo Remotely

Recipe 5.18 Sharing root Privileges via SSH

Recipe 5.19 Running root Commands via SSH

Recipe 5.20 Sharing root Privileges via Kerberos su

Chapter 6. Protecting Outgoing Network Connections

Chapter 7. Protecting Files

Chapter 8. Protecting Email

Chapter 9. Testing and Monitoring