Create a custom sudo log file
sudoers log
I am Devops engineer. I am a newbie learning and letting the world know about my experiments and findings.
Sudo allows system administrators to allow users run command as root user. The commands that run with sudo needs to be logged in for security and compliance reasons.
Security — Sudo logs can provide a trail of activity. Any unauthorised access or suspicious behaviour can be logged and the system admins can get to know with the help of sudo logs.
Compliance — Sudo logs are required for regulatory requirements for an organisation. HIPPA, PCI, DSS provide system activity trail.
Accountability — It documents the actions when administrator perform, system admin tasks.
We can create a custom sudo logs file in /etc/sudoers
/etc/sudoers is a configuration file used by the sudo command in Linux and Unix-based operating systems. It contains the rules that determine which users or groups are allowed to run specific commands.
Default /etc/sudoers file →
We can create a custom log file here -> /var/log
Example /var/log/sudo.log
Create a file - touch /var/log/sudo.log
Edit the file sudo vi /etc/sudoers
Add Defaults logfile=”/var/log/sudo.log” (As shown below)
Restart rsyslog -> sudo systemctl restart rsyslog
We can start seeing sudo logs in the custom log file
Feel free to ask any doubts in comments. I tried on debian. It might work for rest flavours too. 🍻🍺
