How to log all sudo commands

Sometimes it’s necessary to log all the sudo commands run in your environment.

Let's see how to achieve this.

    • Edit the sudoers file by running visudo
      visudo
    • Add the below line to the Defaults section
      Defaults logfile=/var/log/sudo

 

  • Now all the commands from a sudo user will be logged in the /var/log/sudo file.
    [root@awsadminz ~]# cat /var/log/sudo
    Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
    Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/ls /var/www/html
    Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/cat /etc/passwd
    Jan 11 09:42:47 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
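
As the excerpt above shows, sudo wraps long entries onto a continuation line, so line-based tools such as grep see the user and the command on different lines. The following is an added example, not part of the original article: it re-joins wrapped entries, splits them into fields, and marks entries that run su or a shell, because commands typed inside that shell do not appear in this file. The function names, the SHELLS set and the third sample entry are assumptions made for illustration.

```python
import os
import re

# An entry starts with a syslog-style timestamp, as in the excerpt above.
ENTRY_START = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) : (\S+) : (.*)$")

# Assumption: programs counted as "su or a shell"; extend for your hosts.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh"}

# Constructed sample: the first two entries are copied from the excerpt,
# the third is made up to show a ';' that belongs to the command itself.
SAMPLE_LOG = """\
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/su -
Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/cat /etc/passwd
Jan 11 09:50:00 : user2 : TTY=pts/1 ; PWD=/tmp ; USER=root ;
    COMMAND=/usr/bin/find /tmp -name core -exec ls -l {} ;
"""

def to_record(when, invoker, rest):
    # Cut at COMMAND= first so a ';' inside the command is not split on.
    head, _, command = rest.partition("COMMAND=")
    rec = {"time": when, "invoker": invoker, "command": command.strip()}
    for part in head.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            rec[key] = value  # TTY, PWD, USER (the target account)
    argv = rec["command"].split()
    rec["shell"] = bool(argv) and os.path.basename(argv[0]) in SHELLS
    return rec

def parse_sudo_log(text):
    """Return one dict per entry, re-joining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # continuation line
    return [to_record(*e) for e in entries]

if __name__ == "__main__":
    for r in parse_sudo_log(SAMPLE_LOG):
        flag = "  <-- su/shell: later commands are not in this log" if r["shell"] else ""
        print(f'{r["time"]} {r["invoker"]} -> {r.get("USER")}: {r["command"]}{flag}')
```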

 

Works on: CentOS, RHEL 5/6/7, Ubuntu, any Linux flavor

 

Sudo Main Page : www.sudo.ws
