There are situations where you cannot avoid giving a user full shell access through sudo. A shell with administrative privileges gives complete control over your hosts. Until recently, sudo could only log the start of the shell, not the commands executed within it. You could record sessions with sudo, but watching recordings is boring, time consuming and can still be subverted. Version 1.9.8 introduced logging of sub-commands, but that is not yet available on many systems. An alternate approa...| Sudo
Version 1.9 of sudo introduced a new API to access audit information. This is not a user-visible feature. In other words, you cannot use it directly from the sudoers file. It is an API, meaning that you can access audit information from plugins, including ones written in Python. You can use it in many different ways, like sending events from sudo directly to Elasticsearch or LaaS when something interesting happens. You can also use it for debugging and print otherwise difficult to access info...| Sudo