sudo log configuration on Linux

Enabling the sudo log helps system administrators track the activity of sudo users, which supports system auditing. Sudo logging records every sudo command executed on a Linux system. This article gives step-by-step instructions for configuring the sudo log on a Linux system.



Topic


  • How to log sudo commands on Linux?
  • How to configure sudo logging on Linux?
  • How to log all sudo command events?

Solution

Add the following configuration to the /etc/sudoers file:

Defaults log_host, log_year, logfile="/var/log/sudo.log"

Let's look at the meaning of the above configuration in more detail:

logfile: Path to the sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By default, sudo logs via syslog.

log_host: If set, the host name will be logged in the (non-syslog) sudo log file. This flag is off by default.

log_year: If set, the four-digit year will be logged in the (non-syslog) sudo log file. This flag is off by default.


Sample sudo logs

# cat /var/log/sudo.log 
Apr  3 15:48:53 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
    USER=root ; COMMAND=/bin/ls /tmp
Apr  3 15:48:57 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
    USER=root ; COMMAND=/bin/df -h
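
Each entry above wraps onto an indented second line, so a plain grep for a user or command sees only half of the record. The following Python code is an added example, not part of the original article: it folds the continuation lines back together and parses the layout produced with log_host and log_year set. The function names and dictionary keys are assumptions of this example.

```python
import re
from datetime import datetime

# Sample entries copied from the article's /var/log/sudo.log output.
SAMPLE = """\
Apr  3 15:48:53 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
    USER=root ; COMMAND=/bin/ls /tmp
Apr  3 15:48:57 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
    USER=root ; COMMAND=/bin/df -h
"""

# Layout produced when log_host and log_year are both set, as in the article.
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) : (?P<user>\S+) : "
    r"HOST=(?P<host>\S+) : (?P<rest>.*)$"
)

def join_entries(text):
    """Fold indented continuation lines back into one logical entry."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.rstrip())
    return entries

def parse_sudo_log(text):
    """Return one dict per entry; lines that do not match are skipped."""
    records = []
    for entry in join_entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        # COMMAND= is the last field and may itself contain ';', so split it off first.
        head, _, command = m["rest"].partition("COMMAND=")
        fields = dict(f.strip().split("=", 1) for f in head.split(";") if "=" in f)
        records.append({
            "time": datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y"),
            "user": m["user"],
            "host": m["host"],
            "tty": fields.get("TTY"),
            "pwd": fields.get("PWD"),
            "runas": fields.get("USER"),
            "command": command.strip(),
        })
    return records

if __name__ == "__main__":
    for r in parse_sudo_log(SAMPLE):
        print(r["time"].isoformat(), r["host"], r["user"], "->", r["runas"], r["command"])
```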

About the Author: TekFik