expert-randyfranklinsmith.jpgWith sudo you can give admins the authority they need without giving away root and all the security risks and compliance problems caused by doing so. But once you carefully delegate limited, privileged authority with sudo you still need an audit trail of what admins are doing. A privileged user audit trail is irreplaceable as a deterrent and detective control over admins and in terms of implementing basic accountability. But in today’s environment of advanced and persistent attackers you also need the ability to actively monitor privileged user activity for quick detection of suspicious events.

Join Microsoft MVP and security expert, Randy Franklin Smith, who will dive into the logging capabilities of sudo. Sudo provides event auditing for tracking command execution by sudoers – both for successful and denied sudo requests as well as errors. Randy will show you how to enable sudo auditing and how to control where it’s logged, if syslog is used and more importantly: what do sudo logs looks like and how do you interpret them?

But sudo also offers session auditing (aka the iolog) which allows you to capture entire sudo sessions including both input and output of commands executed through sudo whether in an interactive shell or via script. Randy will demonstrate how to configure sudo session logging and how to view recorded sessions with sudoreplay.

After Randy presents, BeyondTrust Product Manager, Paul Harper will walk you through how to augment sudo for complete control and auditing over Unix and Linux user activity.


Speaker: Randy Franklin Smith, is president of Monterey Technology Group, Inc, publisher of UltimateWindowsSecurity.com, Security Log Encyclopedia and creator of LOGbinder software. As a Systems Security Certified Professional (SSCP), a Microsoft Most Valued Professional (MVP) and a Certified Information Systems Auditor (CISA), Randy specializes in Windows security. Randy is an award winning author of almost 300 articles on Windows security issues for publications like Windows IT Pro where he is a contributing editor and author of the popular Windows security log series.


CPE Logo-Submitter.png
CPE Credit Qualification:
Many of our webinars qualify as CPE credit. Please provide your (ISC)2 ID certificate number when you register for the webinar and your CPEs will automatically be added to your (ISC)2 account within 4-6 weeks. 

Please Register Below to Join the Live Webinar

FIELDS WITH * ARE REQUIRED.

Upcoming Live Webinar:

Keeping An Eye on Your Unix & Linux Privileged Accounts
with Microsoft MVP & Windows security expert, Randy Franklin Smith

Join Live: Wednesday, June 8, 2016 | 10am PDT / 1pm EDT

Speak with a Security Expert at 1 (800) 234.9072