Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4810: DA captures raw data with tar

Centrify DirectAudit ,  

12 April,16 at 11:11 AM

Applies to:

Centrify DirectAudit 3.x

Question:

DA is capturing raw data when piping files using tar command over an SSH connection. This is causing the DA dB to grow huge.

It would be something like this (run by a local user). It's used in a script to replicate files across servers.
 
ssh NPIUSER@HOSTB \"sudo -u LOCALUSERB bash -c 'tar' -C $DIRB -czf - $FILE' \" | tar -C $DIRA -xzf"
 
Answer:
 
If there is no need to audit all `sudo' commands run by ssh remotely  then  adding the following to /etc/centrifyda/centrifyda.conf will resolve the issue:
 
dash.ssh.command.skiplist: scp rsync sftp-server sudo
 
Please note "ssh using sudo" won't be audited and  DA doesn't check whether it is ssh and it checks terminal (tty).

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.