CentOS 6.6 sudo log configuration

  1. Check whether the syslog and sudo packages are installed

[[email protected] ~]# rpm -qa | egrep "sudo|syslog"

rsyslog-5.8.10-8.el6.x86_64

sudo-1.8.6p3-15.el6.x86_64

  1. Configure the /etc/sudoers file

[[email protected] ~]# echo "Defaults logfile=/var/log/sudo.log" >> /etc/sudoers

  1. Check that the line above was added correctly to the sudoers file

[[email protected] ~]# tail -1 /etc/sudoers

Defaults logfile=/var/log/sudo.log

  1. Check that the sudoers file syntax is correct

[[email protected] ~]# visudo -c

/etc/sudoers: parsed OK

  1. Configure the /etc/rsyslog.conf file

[[email protected] ~]# echo "local2.debug /var/log/sudo.log" >> /etc/rsyslog.conf

  1. Check that the line above was added correctly to the rsyslog.conf file

[[email protected] ~]# tail -1 /etc/rsyslog.conf

local2.debug /var/log/sudo.log

  1. Restart the rsyslog service

[[email protected] ~]# /etc/init.d/rsyslog restart

Shutting down system logger: [ OK ]

Starting system logger: [ OK ]

  1. Check that the sudo.log file was created automatically and that its size is 0

[[email protected] ~]# ll /var/log/sudo.log

-rw------- 1 root root 0 2017-06-03 16:14 /var/log/sudo.log

  1. Switch to the ordinary user oldboy, run some commands with sudo, and check whether the sudo.log file records them

[[email protected] ~]$ sudo ls /

[[email protected] ~]$ sudo ls /var/log/sudo.log

[[email protected] ~]# cat /var/log/sudo.log

Jun 3 20:30:27 : user1 : TTY=pts/0 ; PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls /

Jun 3 20:30:50 : user1 : command not allowed ; TTY=pts/0 ; PWD=/home/oldboy ;

USER=root ; COMMAND=/var/log/sudo.log

Jun 3 20:31:00 : user1 : TTY=pts/0 ; PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls /var/log/sudo.log

Jun 3 20:31:10 : user1 : TTY=pts/0 ; PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls -l /var/log/sudo.log

  1. The sudo.log file contains the ordinary user's sudo activity, which shows that the configuration succeeded
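
An added example, not part of the original post: a small script that reads a log in the format shown above, joins each entry that sudo wrapped onto a second line, and lists the attempts sudo rejected (such as the "command not allowed" entry). The function names `sample_log`, `join_entries` and `denied_attempts` are hypothetical, and the script assumes the sudoers options `log_host` and `log_year` are not enabled, as in the output above.

```bash
#!/bin/bash
# Added example (not from the original post): summarise rejected sudo attempts
# from a logfile written by "Defaults logfile=/var/log/sudo.log".
# Assumption: log_host and log_year are not enabled, as in the post's output.

# Constructed sample, copied from the entries shown in the post.
sample_log() {
cat <<'EOF'
Jun 3 20:30:27 : user1 : TTY=pts/0 ; PWD=/home/oldboy ; USER=root ;
    COMMAND=/bin/ls /
Jun 3 20:30:50 : user1 : command not allowed ; TTY=pts/0 ; PWD=/home/oldboy ;
    USER=root ; COMMAND=/var/log/sudo.log
Jun 3 20:31:00 : user1 : TTY=pts/0 ; PWD=/home/oldboy ; USER=root ;
    COMMAND=/bin/ls /var/log/sudo.log
EOF
}

# join_entries: stdin = sudo logfile, stdout = one logical entry per line.
# A line that does not start with a timestamp is a wrapped continuation.
join_entries() {
  awk '
    /^[ \t]*$/ { next }                                   # skip blank lines
    /^[A-Z][a-z][a-z] +[0-9]+ +[0-9]+:[0-9]+:[0-9]+ : / {
      if (entry != "") print entry
      entry = $0; next
    }
    { sub(/^[ \t]+/, ""); entry = entry " " $0 }          # continuation
    END { if (entry != "") print entry }
  '
}

# denied_attempts: print "user<TAB>reason<TAB>command" for each entry where
# sudo logged a message before TTY= (accepted commands start with TTY=).
denied_attempts() {
  join_entries | awk -F' : ' '
    $3 !~ /^TTY=/ {
      reason = $3; sub(/ ; TTY=.*/, "", reason)
      cmd = $0;    sub(/.*COMMAND=/, "", cmd)
      printf "%s\t%s\t%s\n", $2, reason, cmd
    }'
}

sample_log | denied_attempts
# For a real log: denied_attempts < /var/log/sudo.log   (run as root)
```
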


This article is from the "飛奔的駱駝" blog; please retain this source: http://wn2100.blog.51cto.com/9915310/1941596