Re: [Sudoscript-devel] keystroke logging to a remote server
From: Howard O. <hb...@eg...> - 2002-07-15 23:55:56
Welcome, David!

I've had a couple of thoughts since you first contacted me about this. You are really discussing two different features that add up to better enterprise management.

The first is central configuration of sudo authorization. This would involve remote munging of the sudoers file, coupled with a central store of user identities. This sounds like an interesting app separate from sudoscript. I could get interested in this, but my day job is making serious demands on my time.

The second component is remote logging of keystrokes over an encrypted connection. This sounds like a very interesting feature. It presupposes a management app, presumably the same one that would control authorization. It also calls for an encrypted and authenticated transport. The natural way to do this in an open source app would be to use ssh.

I took a look at Net::SSH::Perl after we exchanged mail. This is a pure Perl implementation of SSH1 and SSH2. I expected it to call in a chain of module dependencies, but it exceeded my expectations by a large margin. Currently, sudoscript relies on nothing outside the base Perl distro as commonly configured on Red Hat Linux. I'd like to keep it that way. That means reliance on command-line ssh.

There's also the matter of key management to consider. Managing multiple concurrent logging streams would also be a challenge. As it happens, I'm doing that right now in my current day job. I could borrow concepts from that effort.

I can see how the two features are interlinked. However, I think I should take the discussion over to sudo-devel to see if there is any prior art.

--On Monday, July 15, 2002 11:50:58 PM +0100 David Chung <da...@ch...> wrote:

> Hi,
>
> I am new to this list but I have a few ideas/suggestions for sudoscript.
>
> In an organisation that I have worked in we played around with an
> application called Powerbroker by Symark. The package is good but comes
> at a price. Although this product is intended to be a more sophisticated
> sudo replacement it offers a couple of good features. One of them is
> allowing access to be brokered from a central secured server to a client
> requesting privileged access; it also allows keystroke logging back to the
> central server. This is all done over an encrypted connection like SSL.
> Does anyone think it might be worth looking to move sudoscript into a
> client server type application?
>
> Regards

Howard Owen
EGBOK Consultants
hb...@eg... +1-650-339-5733

"Even if you are on the right track, you'll get run over if you just sit there." - Will Rogers