LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page [SOLVED] How do i log all commands run by a user after elevating himself as root using sudo
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-11-2015, 02:42 AM   #1
Arvind Shivaramakrishnan
LQ Newbie
 
Registered: Aug 2011
Posts: 12
Blog Entries: 2

Rep: Reputation: Disabled
How do i log all commands run by a user after elevating himself as root using sudo

Hi All,
I have added the following entry "Defaults logfile=/var/log/sudo.log" to the "/etc/sudoers" file and it logs whenever a user runs "sudo su - root" to elevate himself as root. But it doesnt log any other command after that the user executes in that sudo session. How do log all commands into sudo log file even after the root shell is assigned to the user.
 
Old 03-11-2015, 03:26 AM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
I think this is what you are looking for: http://sharadchhetri.com/2011/12/02/...ndary-logging/

However, if you are giving any person root privilege he/she can mess up with these files as well. It is not advisable to give any user sudo su - or sudo su - root or sudo /bin/bash access.

What I am trying to say is no matter what security measure you put in if the user will have full root access he / she can anyways manipulate / mess the logs files as well. So better never ever give any user full root access.
 
Old 03-11-2015, 04:46 AM   #3
Arvind Shivaramakrishnan
LQ Newbie
 
Registered: Aug 2011
Posts: 12

Original Poster
Blog Entries: 2

Rep: Reputation: Disabled
Thanks. That worked!!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo : removing rights to run all commands for a particular user amit.kanade1983 Linux - Security 1 03-20-2014 02:57 PM
[SOLVED] allow normal user to exec some root commands w/o sudo gujedan Linux - Newbie 12 11-10-2011 11:16 PM
[SOLVED] How to allow access to some commands having root privleges to be run bu non root user suryashikha Linux - Newbie 8 10-31-2009 01:05 PM
Gconf-editor settings not sticking for root, sudo user, or user when run sandaili Fedora 1 07-19-2008 08:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:21 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration