Linux Lite Forums
Software - Support => Other => Topic started by: liamjake05 on February 13, 2016, 07:08:00 AM
-
Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check? (http://i.imgur.com/tdswGqz.png?1)
-
It looks like it goes to /var/log/auth.log
-
did not work
-
ave you logged into "your" account and checked /var/log/auth.log
????
-
Anybody knows how to check if other users not in the sudo group are trying to gain access. When my brother which is not in the sudo group runs a sudo command in terminal it will say that it will be reported to me. An an example of what it does is in a picture below. Anybody knows how to check?
It's much more ideal to run
sudo visudo
and add the line
Defaults logfile=/var/log/sudo.log
This will only show sudo issues, and not garble it up with other system info. This is all ran as the "admin" of course. To view the log, you'll need to have access permison (you might wanna look into groups and permissions on your own).
To do this just run
sudo cat /var/log/sudo.log
Again with the "admin" account.
That all aside, using the auth.log file also shows you login attempts and other info you may want to check often. You do not need to set a special path for sudo. Up to you in the end.
-
Worked but is there a way to reset this
-
Worked but is there a way to reset this
Reset in what way? Like clearing it? The file CAN be over written but this is far from ideal. Consider using logrotate.
That aside, you can run
sudo echo > /var/log/auth.log
But this will completely delete the contents, and is dangerous to use. Be completely sure you got the file name correct before running ANYTHING with sudo in it like this.
-
I ment clearing sudo.log
-
Same thing applies mate, just replace auth.log with sudo.log file name.