CentOS 6.6 sudo日誌配置
CentOS 6.6 sudo日誌配置
查詢syslog和sudo軟件是否已安裝
[[email protected] ~]# rpm-qa|egrep "sudo|syslog"
rsyslog-5.8.10-8.el6.x86_64
sudo-1.8.6p3-15.el6.x86_64
配置/etc/sudoers文件
[[email protected] ~]# echo"Defaults logfile=/var/log/sudo.log">>/etc/sudoers
檢查上條內容是否正確添加到了sudoers文件裏
[[email protected]
Defaults logfile=/var/log/sudo.log
檢查sudoers文件語法是否正確
[[email protected] ~]# visudo -c
/etc/sudoers: parsed OK
配置/etc/rsyslog.conf文件
[[email protected] ~]# echo"local2.debug /var/log/sudo.log">>/etc/rsyslog.conf
檢查上條內容是否正確添加到rsyslog.conf文件裏
[[email protected] ~]# tail -1/etc/rsyslog.conf
local2.debug /var/log/sudo.log
重啟rsyslog服務
[[email protected] ~]#/etc/init.d/rsyslog restart
Shutting down systemlogger: [ OK ]
Starting system logger: [ OK ]
查看是否自動生成了sudo.log文件,且sudo.log文件大小為0
[[email protected] ~]# ll/var/log/sudo.log
-rw------- 1 root root 02017-06-03 16:14 /var/log/sudo.log
切換到普通用戶oldboy,用sudo執行相應的命令查看查看sudo.log日誌文件是否會記錄信息
[[email protected] ~]$ sudo ls /
[[email protected] ~]$ sudo ls/var/log/sudo.log
[[email protected] ~]# cat/var/log/sudo.log
Jun 3 20:30:27 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;
COMMAND=/bin/ls /
Jun 3 20:30:50 : user1 : command not allowed ;TTY=pts/0 ; PWD=/home/oldboy ;
USER=root ; COMMAND=/var/log/sudo.log
Jun 3 20:31:00 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;
COMMAND=/bin/ls /var/log/sudo.log
Jun 3 20:31:10 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;
COMMAND=/bin/ls -l /var/log/sudo.log
sudo.log文件裏用相應的普通用戶sudo操作信息,證明已配置成功哦
本文出自 “飛奔的駱駝” 博客,請務必保留此出處http://wn2100.blog.51cto.com/9915310/1941596
CentOS 6.6 sudo日誌配置