# $Id: sudoscript.pod,v 1.1 2003/06/04 04:49:04 hbo Exp $
=pod

=head1 NAME

sudoscript -a system for audited shells with C<sudo(8)> and C<script(1)>

=head1 DESCRIPTION

C<sudoscript> is a system that audits a shell run under C<sudo(8)> It does this
using the venerable unix command C<script(1)> The system consists of two
Perl scripts and one Perl module.. The front-end script is called C<sudoshell(1)>
(also C<ss(1)>). The backend script is C<sudoscriptd(8)>. The Perl module is
C<Sudoscript(3pm)>. Each of these have their own man pages which it would
be well for a system administrator to read before implementing C<sudoscript>.
This manpage describes where to get more information about sudoscript.

=head1 DOCUMENTATION

C<sudoscript> comes with some documentation that is helpful for system administrators
who are deploying the system. On Linux, this documentation is in 
/usr/share/doc/sudoscript-${VERSION}. On all other platforms the documentation is
in /usr/local/doc/sudoscript-${VERSION}. In each case, "${VERSION}" is replaced with the
version of sudoscript.

=head2 SECURITY

Especially when enabling a root shell, C<sudoscript> cannot prevent a user
from evading the the audit trail it provides. This is true even if the user is
not root. The file SECURITY in the distribution and in the documentation directory
describes this in detail. It should be mandatory reading before any attempt is made
to deploy C<sudoscript>.

=head2 INSTALLATION

The steps required to install sudoscript are documented in the INSTALL file in 
the distribution and in the documentation directory.

=head2 CONFIGURATION

Given some configuration of the C<sudoers(5)> file, C<sudoscript> can enable
a root shell, or a shell as some other user. The details of how to go about this
are in the file SUDOCONFIG in the distribution, and in the documentation directory.

=head2 README

A description of sudoscript that goes into more detail than this man page can be
found in the README file in the distribution, and in the documentation directory.

=head2 PORCMOLSULB

The paper "The Problem of PORCMOLSULB: Can Root be Controlled in Engineering
Environments?" is included in the distribution, and in the documentation directory. This
paper describes the events that lead up to writing C<sudoscript>, and gives some
idea of why I consider the system useful.

=head2 PORTING 

Some thoughts about how to go about porting C<sudoscript> to a new Unix platform
are given in the PORTING  file in  the distribution and in the documentation directory.

=head2 WEB SITE

The C<sudoscript> web site is at C<http://www.egbok.com/sudoscript>. New versions
are released there first, before they hit sourceforge or freshmeat.

=head1 PLATFORMS

C<sudoscript> currently runs on the following platforms:

=over 4

=item C<Linux>

Tested on Red Hat 6.2 through 9, and Debian Woody.

=item C<Solaris>

Latest version tested on Solaris 9/Intel. Earlier versions were tested on
Solaris 7 and 8/Sparc and Solaris 8/Intel.

=item C<FreeBSD>

Tested on FreeBSD 4.3

=item C<OpenBSD>

Tested on version 3.3

=item C<HP-UX>

Tested on version 11 by Donny Jekels.

=back

=head1 SEE ALSO

sudoscriptd(8)

sudoshell(1)

Sudoscript(3pm)

sudo(8)

sudoers(5)

http://www.egbok.com/sudoscript

=head1 AUTHOR

Howard Owen, E<lt>hbo@egbok.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright 2003 by Howard Owen

sudoscript is free software; you can redistribute it and/or modify
it under the same terms as Perl itself. 

"The Problem of PORCMOLSULB" was orginally published in the August 2002
issue of ;login. The paper is distributed under a Creative Commons license, which 
may be viewed at L<http://creativecommons.org/licenses/by-sa/1.0/>.

=cut