Sometimes it’s necessary to log all the sudo commands run in your environment.
Let’s see how to achieve this.
- Edit the sudoers file by running visudo
visudo
- Add the below line to the Defaults section
Defaults logfile=/var/log/sudo
- Now every command a user runs through sudo will be logged in the /var/log/sudo file.
[root@awsadminz ~]# cat /var/log/sudo
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/su -
Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/ls /var/www/html
Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 11 09:42:47 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/su -
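For reviewing the resulting file, this Python example (added here, not part of the original post) parses entries in the format shown above and flags root-shell launches such as `su -`, plus entries that carry a note instead of a plain field list. The wrapped entry and the `user NOT in sudoers` entry in the sample are constructed, and the `SHELLS` set and the function names are assumptions.

```python
import re

# Entry layout as shown in the /var/log/sudo excerpt on this page.
ENTRY = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) : (\S+) : (.*)$", re.M)
# Assumption: program names that hand out an interactive shell; adjust per site.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh"}

# Sample: first two entries from the page, last two constructed (wrapped line, denial).
SAMPLE_LOG = """\
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/su -
Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 11 09:50:12 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/bash
Jan 11 09:51:30 : user2 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/user2 ; USER=root ; COMMAND=/bin/ls /root
"""

def parse_sudo_log(text):
    """Parse sudo file-log text into one dict per entry."""
    text = re.sub(r"\n[ \t]+", " ", text)  # re-join wrapped (indented) lines
    entries = []
    for m in ENTRY.finditer(text):
        # COMMAND is the last field and may itself contain ';', so split it off first.
        head, _, command = m[3].partition("COMMAND=")
        entry = {"when": m[1], "invoker": m[2], "command": command.strip(), "note": ""}
        for field in filter(None, (f.strip() for f in head.split(";"))):
            key, sep, value = field.partition("=")
            if sep:
                entry[key] = value      # TTY, PWD, USER (the run-as user)
            else:
                entry["note"] = field   # e.g. "user NOT in sudoers"
        entries.append(entry)
    return entries

def review(entries):
    """Return (reason, entry) pairs worth looking at first in an audit."""
    findings = []
    for e in entries:
        program = e["command"].split(" ")[0].rsplit("/", 1)[-1]
        if e["note"]:
            findings.append((e["note"], e))
        elif program in SHELLS:
            # Commands typed inside this shell do not pass through sudo again.
            findings.append(("root-shell", e))
    return findings

if __name__ == "__main__":
    for reason, e in review(parse_sudo_log(SAMPLE_LOG)):
        print(f'{e["when"]}  {e["invoker"]:<6} {reason:<20} {e["command"]}')
```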
Works on: CentOS, RHEL 5/6/7, Ubuntu, any Linux flavor
Sudo Main Page : www.sudo.ws