Enabling sudo log helps system administrators to track the activities of sudo users and this helps in system auditing. sudo logging logs all sudo commands executed on Linux system. This article provides a step by step instruction to configure sudo log on a Linux system.
Topic
-
How to log sudo commands on Linux?
-
How to configure sudo logging on Linux?
-
How to log all sudo command events?
Solution
Add the following configuration in /etc/sudoers file:
Defaults log_host, log_year, logfile="/var/log/sudo.log"Lets understand the meaning of the above configuration in more detail:
logfile: Path to the sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By default, sudo logs via syslog.
log_host: If set, the host name will be logged in the (non-syslog) sudo log file. This flag is off by default
log_year: If set, the four-digit year will be logged in the (non-syslog) sudo log file. This flag is off by default.
Sample sudo logs
# cat /var/log/sudo.log
Apr 3 15:48:53 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
USER=root ; COMMAND=/bin/ls /tmp
Apr 3 15:48:57 2020 : test : HOST=centos7-test : TTY=pts/0 ; PWD=/home/test ;
USER=root ; COMMAND=/bin/df -h
Best article I have ever seen.
Nice Article.