
Using Sudo

By Tony Lawrence
2005-05-12

Logging
Now let's add some logging. Without doing anything special, sudo logs authentication failures to syslog, but by adding another default, we can track every command run:

Defaults logfile=/var/log/sudolog

Notice that this time there is no ":". This default therefore applies to everyone.

With this in place, all sudo commands will be logged:

# /var/log/sudolog

Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 06:58:49 : jim : TTY=tty4 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /etc/shadow

There's a limitation though:

[jim@lnxserve jim]$ sudo cat /etc/shadow > /tmp/shadow

Password:
[jim@lnxserve jim]$ sudo cat /var/log/sudo*
Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 06:58:49 : jim : TTY=tty4 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:35 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:49 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /var/log/sudolog
[jim@lnxserve jim]$

The redirection to /tmp/shadow does not show up in the log. That makes perfect sense: redirection is done by the shell before the commands are run, so sudo doesn't even see the redirection at all.
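For reviewing such a log, the following Python script is an added example, not part of the original tutorial. It parses entries in the format shown above and lists every logged read of a watched file; the watch list and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the four entries from the session shown above.
SAMPLE_LOG = """\
Feb 24 06:56:59 : jim : TTY=tty4 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 06:58:49 : jim : TTY=tty4 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:35 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 24 07:02:49 : jim : TTY=pts/0 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/cat /var/log/sudolog
"""

# One entry per line, in the layout shown above. COMMAND is matched greedily
# to end of line so a " ; " inside the command itself is kept intact.
ENTRY = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) : (?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)

WATCHED = ("/etc/shadow", "/etc/sudoers")  # assumed watch list


def parse_line(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = ENTRY.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def parse_log(text):
    """Parse every recognisable entry in a sudolog text."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def watched_reads(entries, watched=WATCHED):
    """Entries whose command line names a watched file as an argument."""
    return [e for e in entries
            if any(arg in watched for arg in e["command"].split()[1:])]


if __name__ == "__main__":
    hits = watched_reads(parse_log(SAMPLE_LOG))
    for e in hits:
        print(e["when"], e["user"], e["tty"], e["command"])
    # The 07:02:35 run was redirected to /tmp/shadow, yet all hits log the
    # same COMMAND string, so each one must be reviewed as a possible copy.
    print(Counter(e["command"] for e in hits))
```
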




© Copyright 2005 A.P. Lawrence

