Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check?
![[Image: tdswGqz.png?1]](http://i.imgur.com/tdswGqz.png?1)
It looks like it goes to /var/log/auth.log
ave you logged into "your" account and checked /var/log/auth.log
????
(02-13-2016, 12:08 PM)liamjake05 link Wrote:Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check?
It's much more ideal to run
and add the line
Code:
Defaults logfile=/var/log/sudo.log
This will only show sudo issues, and not garble it up with other system info. This is all ran as the "admin" of course. To view the log, you'll need to have access permison (you might wanna look into groups and permissions on your own).
To do this just run
Code:
sudo cat /var/log/sudo.log
Again with the "admin" account.
That all aside, using the auth.log file also shows you login attempts and other info you may want to check often. You do not need to set a special path for sudo. Up to you in the end.
Worked but is there a way to reset this
(02-16-2016, 04:49 PM)liamjake05 link Wrote:Worked but is there a way to reset this
Reset in what way? Like clearing it? The file CAN be over written but this is far from ideal. Consider using logrotate.
That aside, you can run
Code:
sudo echo > /var/log/auth.log
But this will completely delete the contents, and is dangerous to use. Be completely sure you got the file name correct before running ANYTHING with sudo in it like this.
Same thing applies mate, just replace auth.log with sudo.log file name.