Does sudo integrates with Solaris auditing? And does RBAC?
Hello,
I've just started reading about Auditing.
Right at the beginning I've read "At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's process. The audit session ID is inherited by every process that is started during login sessions".
When someone uses sudo I think he/she isn't doing any login.
So if administrators ordinarily take advantage of sudo how can be root (on behalf of one of them) be successfully/precisely audited?
If the answer to the above question is negative, would that be a point in favor to RBAC?
I've just started reading about Auditing.
Right at the beginning I've read "At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's process. The audit session ID is inherited by every process that is started during login sessions".
When someone uses sudo I think he/she isn't doing any login.
So if administrators ordinarily take advantage of sudo how can be root (on behalf of one of them) be successfully/precisely audited?
If the answer to the above question is negative, would that be a point in favor to RBAC?
0