KB-4810: DA captures raw data with tar

Auditing and Monitoring Service

12 April,16 at 11:11 AM

Applies to:

Centrify DirectAudit 3.x


DirectAudit (DA) captures raw data when files are piped through the tar command over an SSH connection. This causes the DA database to grow very large.

The command looks something like this (run by a local user). It is used in a script to replicate files across servers:
ssh NPIUSER@HOSTB "sudo -u LOCALUSERB bash -c 'tar -C $DIRB -czf - $FILE'" | tar -C $DIRA -xzf -
If there is no need to audit all sudo commands run remotely over ssh, adding the following to /etc/centrifyda/centrifyda.conf will resolve the issue:
dash.ssh.command.skiplist: scp rsync sftp-server sudo
Please note that with this setting "ssh using sudo" won't be audited. DA doesn't check whether the session is ssh; it checks the terminal (tty).
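
One way to apply the setting above without dropping entries a host already has in its skiplist, as an added example that is not Centrify's own tooling. It assumes the "key: value" line format shown above and that the last uncommented line for the key is the active one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Centrify tooling. Assumes "key: value" lines as shown
# in the article; the function names are hypothetical.
KEY='dash.ssh.command.skiplist'

# Print the active (uncommented) skiplist value; empty if the key is unset.
skiplist_get() {
    awk -v key="$KEY" '
        /^[ \t]*#/ { next }                  # ignore commented-out settings
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, key ":") == 1) val = substr(line, length(key) + 2) }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
              print val }
    ' "$1"
}

# Rewrite FILE so the key holds its current entries plus each WORD given.
skiplist_merge() {
    conf=$1; shift
    merged=$(skiplist_get "$conf")
    for w in "$@"; do
        case " $merged " in
            *" $w "*) ;;                          # already listed
            *) merged="${merged:+$merged }$w" ;;  # append new entry
        esac
    done
    tmp=$(mktemp) || return 1
    # Drop the old active line; keep comments and every other setting.
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { next }
        { print }
    ' "$conf" > "$tmp" || return 1
    printf '%s: %s\n' "$KEY" "$merged" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# Constructed sample file (not a real centrifyda.conf) to show the merge.
demo=$(mktemp)
printf '%s\n' '# constructed sample' "$KEY: scp rsync sftp-server" > "$demo"
skiplist_merge "$demo" sudo
skiplist_get "$demo"
rm -f "$demo"
```

On a host where the key is not set at all, pass the full list from the article (scp rsync sftp-server sudo) so the resulting line matches the one shown above.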