LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   How to enable sudo users execute commands by Logs su - (http://www.linuxquestions.org/questions/linux-general-1/how-to-enable-sudo-users-execute-commands-by-logs-su-4175437731/)

arun5002 11-18-2012 07:26 PM
How to enable sudo users execute commands by Logs su -
 
Hi,
Im running Ubuntu 10.04 Lucid .I had enabled Administrator(sudo) Priviledge for few users.How can i Log the history & Commands executed by Sudo users.Whether its possible .Any help to find out the answer .

bigrigdriver 11-18-2012 10:09 PM
Excerpt from "Quick HOWTO : Ch09 : Linux Users and Sudo" found here.
Quote:
You can view a comprehensive list of /etc/sudoers file options by issuing the command man sudoers.
Using syslog To Track All sudo Commands

All sudo commands are logged in the log file /var/log/messages which can be very helpful in determining how user error may have contributed to a problem. All the sudo log entries have the word sudo in them, so you can easily get a thread of commands used by using the grep command to selectively filter the output accordingly.

Here is sample output from a user bob failing to enter their correct sudo password when issuing a command, immediately followed by the successful execution of the command /bin/more sudoers.
[root@bigboy tmp]# grep sudo /var/log/messages
Nov 18 22:50:30 bigboy sudo(pam_unix)[26812]: authentication failure; logname=bob uid=0 euid=0 tty=pts/0 ruser= rhost= user=bob
Nov 18 22:51:25 bigboy sudo: bob : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/more sudoers
[root@bigboy tmp]#


All times are GMT -5. The time now is 01:33 AM.