Using Sudo
By Tony Lawrence, 2005-05-12
Logging
Now let's add some logging. Without doing anything special, sudo logs authentication failures to syslog, but by adding another default, we can track every command run:
Defaults logfile=/var/log/sudolog
Notice that this time there is no ":". This default therefore applies to everyone.
With this in place, all sudo commands will be logged:
# /var/log/sudolog
Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 06:58:49 : jim : TTY=tty4 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /etc/shadow
There's a limitation though:
[jim@lnxserve jim]$ sudo cat /etc/shadow > /tmp/shadow
Password:
[jim@lnxserve jim]$ sudo cat /var/log/sudo*
Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 06:58:49 : jim : TTY=tty4 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:35 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:49 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /var/log/sudolog
[jim@lnxserve jim]$
The redirection to /tmp/shadow does not show up in the log. That makes perfect sense: redirection is done by the shell before the commands are run, so sudo doesn't even see the redirection at all.
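For reviewing a log like this one, here is a small parser for the entry format shown above. It is an added example, not part of the original tutorial or of sudo itself. The sample text is constructed; the watch list, the function names and the treatment of indented lines as continuations of a wrapped entry are assumptions.

```python
import re

# Constructed sample in the format shown above. The second entry is wrapped
# onto an indented continuation line (assumed layout for long file-log lines).
SAMPLE = """\
Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:49 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ;
    COMMAND=/bin/cat /var/log/sudolog
Feb 24 07:05:10 : amy : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/ls /root
"""

ENTRY = re.compile(r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) : (?P<user>\S+) : (?P<rest>.*)$")
SENSITIVE = ("/etc/shadow", "/etc/sudoers", "/var/log/sudolog")  # assumed watch list

def parse_sudolog(text):
    """Return one dict per entry: when, user, tty, pwd, runas, command."""
    joined = []
    for line in text.splitlines():
        if line[:1].isspace() and joined:   # continuation of a wrapped entry
            joined[-1] += " " + line.strip()
        elif line.strip():
            joined.append(line.rstrip())
    entries = []
    for line in joined:
        m = ENTRY.match(line)
        if not m:
            continue                        # not an entry line, skip it
        # COMMAND= comes last and may itself contain ";", so split it off first.
        head, _, command = m["rest"].partition("COMMAND=")
        fields = dict(f.strip().split("=", 1) for f in head.split(";") if "=" in f)
        entries.append({"when": m["when"], "user": m["user"],
                        "tty": fields.get("TTY"), "pwd": fields.get("PWD"),
                        "runas": fields.get("USER"), "command": command.strip()})
    return entries

def flag_sensitive(entries, watch=SENSITIVE):
    """Entries whose command line names a watched path as an argument."""
    return [e for e in entries if any(p in e["command"].split() for p in watch)]

if __name__ == "__main__":
    for e in flag_sensitive(parse_sudolog(SAMPLE)):
        print(e["when"], e["user"], "as", e["runas"], "ran", e["command"])
```

A flagged entry tells you that /etc/shadow was read as root, but because of the redirection limitation it cannot tell you where the output went.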
© Copyright 2005 A.P. Lawrence
