I need to know what deamon process is using sudo.
I tried writing a quick bash wrapper:
Code:
#!/bin/bash
thedate=`date`
echo -e "$thedate\t$PPID is attempting to use sudo" >> /var/log/secure
/usr/bin/real_sudo "$@"
Code:
[root@cable ~: 09:37:42]# ls -l ./sudo_wrapper
---s--x--x 1 root root 122 Feb 12 09:27 ./sudo_wrapper*
Then setting it executable, owned by root, and turning the sticky bit on.
When I tried using this script as a normal user I just get permission denied.
Any ideas?