|
Check other users sudo
|
|
02-13-2016, 12:08 PM
(This post was last modified: 02-17-2016, 07:17 PM by liamjake05.)
Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check?
![[Image: tdswGqz.png?1]](http://i.imgur.com/tdswGqz.png?1)
02-13-2016, 02:10 PM
It looks like it goes to /var/log/auth.log
Want to thank me? Click my [Thank] link.
02-13-2016, 06:15 PM
ave you logged into "your" account and checked /var/log/auth.log
????
Upgrades WIP 2.6 to 2.8 - (6 X 2.6 to 2.8 completed on: 20/02/16 All O.K )
Linux Lite 3.0 Humming on a ASRock N3070 Mobo ~ btrfs RAID 10 Install on 4 Disks  Computers Early days: ZX Spectrum(1982) , HP-150 MS-DOS(1983) , Amstrad CPC464(1984) , BBC Micro B+64(1985) , My First PC HP-Vectra(1987)
02-16-2016, 03:02 PM
(02-13-2016, 12:08 PM)liamjake05 link Wrote:Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check? It's much more ideal to run Code: sudo visudoand add the line Code: Defaults logfile=/var/log/sudo.logThis will only show sudo issues, and not garble it up with other system info. This is all ran as the "admin" of course. To view the log, you'll need to have access permison (you might wanna look into groups and permissions on your own). To do this just run Code: sudo cat /var/log/sudo.logAgain with the "admin" account. That all aside, using the auth.log file also shows you login attempts and other info you may want to check often. You do not need to set a special path for sudo. Up to you in the end.
02-16-2016, 05:11 PM
(02-16-2016, 04:49 PM)liamjake05 link Wrote:Worked but is there a way to reset this Reset in what way? Like clearing it? The file CAN be over written but this is far from ideal. Consider using logrotate. That aside, you can run Code: sudo echo > /var/log/auth.logBut this will completely delete the contents, and is dangerous to use. Be completely sure you got the file name correct before running ANYTHING with sudo in it like this.
02-16-2016, 06:15 PM
Same thing applies mate, just replace auth.log with sudo.log file name.
|
|
« Next Oldest | Next Newest »
|
![[Image: psCXIcR.png]](http://i.imgur.com/psCXIcR.png)