How to log all sudo commands

11. January 2017 RHEL

Sometimes it’s necessary to log all the sudo commands run in your environment.

Let’s see how to achieve this.

  • Edit the sudoers file by running visudo
    visudo
  • Add the below line to the Defaults section
    Defaults logfile=/var/log/sudo
  • Now all commands run through sudo will be logged in the /var/log/sudo file.
    [[email protected] ~]# cat /var/log/sudo
    Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
    Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/ls /var/www/html
    Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/cat /etc/passwd
    Jan 11 09:42:47 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
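
The log above wraps long entries onto a continuation line, so a plain grep for a user or command can miss half of an entry. The following added example (not part of the original post) joins the wrapped lines, splits each entry into fields, and flags entries such as `su -` that open a root shell, because commands typed inside that shell do not appear in this file. The sample text, the failed-password entry and the `SHELLS` list are constructed assumptions.

```python
import os
import re

# A new entry starts with a timestamp; any other non-empty line is a wrapped continuation.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} : ")
# Programs that hand over an interactive shell (assumed list, extend as needed).
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

# Constructed sample in the format shown above, including the wrapped lines.
SAMPLE = """\
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/ls /var/www/html
Jan 11 09:43:10 : user2 : 3 incorrect password attempts ; TTY=pts/1 ;
    PWD=/home/user2 ; USER=root ; COMMAND=/bin/cat /etc/passwd
"""

def join_wrapped(text):
    """Merge continuation lines back into one logical entry per event."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse_entry(entry):
    """Split one joined entry into a dict of its fields."""
    when, user, rest = entry.split(" : ", 2)
    head, _, command = rest.partition("COMMAND=")
    rec = {"when": when, "user": user, "command": command, "note": None}
    for item in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = item.partition("=")
        if eq and key.isupper():  # USER= is the target account, not the caller
            rec["runas" if key == "USER" else key.lower()] = value
        else:
            rec["note"] = item  # free-text message, e.g. a failed attempt
    program = command.split(" ", 1)[0]
    rec["root_shell"] = rec["note"] is None and os.path.basename(program) in SHELLS
    return rec

def parse_sudo_log(text):
    return [parse_entry(e) for e in join_wrapped(text)]

if __name__ == "__main__":
    for rec in parse_sudo_log(SAMPLE):
        print(rec["when"], rec["user"], rec["command"], rec["root_shell"], rec["note"])
```

To run it against the real file, pass the contents of /var/log/sudo to `parse_sudo_log()` instead of `SAMPLE`.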

Works on: CentOS, RHEL 5/6/7, Ubuntu, any Linux flavour

Sudo: www.sudo.ws

