Securing the sudo to sudo_logsrvd connection
Using sudo_logsrvd to centrally collect sudo session recordings from your network is a huge step forward in security: users cannot delete or modify session recordings locally. However, by default, transmission of recordings is not encrypted, making it open to modifications and eavesdropping. Encrypting the connection between sudo and sudo_logsrvd can eliminate these problems. Larger environments usually either have in-house PKI tooling in place, or colleagues who know all openssl options off the top of their heads. However, small and medium enterprises often lack the infrastructure or knowledge to work with TLS certificates.
This blog can help you to secure connections between sudo and sudo_logsrvd when there is no PKI tooling available to you, or you want to create all the certificates yourself using openssl. It is based on the sudo_logsrvd manual, but changed in such a way that all information is entered on the command line. While interactive certificate generation works fine for a single cert, generating multiple client certificates is easier when everything is on the command line.
Read my blog at https://blog.sudo.ws/posts/2021/08/securing-the-sudo-to-sudo_logsrvd-connection/