On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
>
> At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote:
> > These both seem like excellent practices, for the clueless in all of us -
> > can someone describe how this is done for sudo? How do you configure PAM to
> > require alternative passwords, which expire and age, and are decent
> > passwords? And how does one reliably log sudo logs offsite?
>
> Please take a large grain of salt before reading, I haven't done this
> stuff in a while so I'm rusty on it. I've included references to
> where I've gotten the info so you can read more about it yourself.
>
> One can log to a different host by putting @hostname in your
> syslog.conf file. I believe it looks like this:
>
> (`man syslog.conf`)
>
> auth,authpriv.* @log.myotherhost.com
>
> (assuming you have sudo logging at level auth)
>
> I know this may seem obvious, but make sure that this machine does not
> share admin accounts with the machine you're logging from, or the
> hacker will just break in and change the logs!
>

Don't forget, on the logging machine, syslog actually needs to be told to
allow messages from the network (and listening, obviously). -r.

[...]

-- 
"... being a Linux user is sort of like living in a house inhabited by a
large family of carpenters and architects. Every morning when you wake up,
the house is a little different. Maybe there is a new turret, or some walls
have moved. Or perhaps someone has temporarily removed the floor under your
bed." - Unix for Dummies, 2nd Edition -- found in the .sig of Rob Riggs,
[EMAIL PROTECTED]
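The sender-side part of the setup discussed above (the `facility.priority  action` rule lines of syslog.conf, with `@hostname` as the action) is easy to get subtly wrong, e.g. forwarding `auth` but not `authpriv`. The following is an added example, not code from either poster: a small parser for syslog.conf selector lines that reports which facilities reach a remote host and whether sudo's auth-level messages leave the machine. The sample configuration is constructed for the example and reuses the rule and hostname quoted in the thread; the function names are invented here. The receiver's `-r` switch that the reply mentions is a syslogd command-line matter, not a syslog.conf one, so it is not checked.

```python
"""Check a syslog.conf for off-host forwarding of auth/authpriv (added example)."""

# Constructed sample syslog.conf, modelled on the rule quoted in the thread.
SAMPLE_CONF = """\
# local copies
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none     -/var/log/syslog
kern.*                     -/var/log/kern.log
# off-host copy of what sudo logs at facility auth
auth,authpriv.*            @log.myotherhost.com
"""


def parse_syslog_conf(text):
    """Return (facility, priority_spec, action) triples for every rule line.

    A rule is ``selector[;selector...]<whitespace>action`` where each selector
    is ``fac[,fac...].priority``. Comments and blank lines are skipped, and a
    trailing backslash joins the rule to the next line.
    """
    rules = []
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        line = pending + line
        pending = ""
        # The selector list and the action are separated by the first run of
        # whitespace (tabs or spaces both occur in real files).
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: no action field
        selectors, action = parts
        for sel in selectors.split(";"):
            if "." not in sel:
                continue
            facs, prio = sel.rsplit(".", 1)
            for fac in facs.split(","):
                rules.append((fac, prio, action))
    return rules


def remote_forwarding(text):
    """Map each remote host to the set of facilities forwarded to it.

    Only ``@host`` actions count. A ``.none`` priority is an exclusion in
    syslog.conf, so such selectors are not recorded as forwarded.
    """
    hosts = {}
    for fac, prio, action in parse_syslog_conf(text):
        if not action.startswith("@"):
            continue
        if prio.lstrip("=!") == "none":
            continue
        hosts.setdefault(action[1:], set()).add(fac)
    return hosts


def auth_logged_offsite(text, facilities=("auth", "authpriv")):
    """List the facilities in ``facilities`` that no remote host receives.

    An empty list means every listed facility is forwarded somewhere. A
    ``*`` facility selector forwarded to a host covers all facilities.
    """
    covered = set()
    for facs in remote_forwarding(text).values():
        covered |= facs
    if "*" in covered:
        return []
    return [f for f in facilities if f not in covered]


if __name__ == "__main__":
    print(remote_forwarding(SAMPLE_CONF))
    print("not forwarded off-site:", auth_logged_offsite(SAMPLE_CONF))
```

Run it against a real `/etc/syslog.conf` by reading the file into `auth_logged_offsite`; a non-empty result is the facility a remote-logging rule still lacks. Because `.none` selectors are treated as exclusions, a line such as `auth,authpriv.none @loghost` is correctly reported as not forwarding those facilities.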