On Thu, Jun 17, 2004 at 08:44:25AM -0700, Jason Qualkenbush wrote:
> Is there a way to get commands entered by root or even sudo commands
> into syslog? This way I can use syslog-ng to create a central log file
> for review or even use swatch to alert on suspicious commands. If the
> commands end up in the history file, there should be a way to get them
> into syslog, right? Or is this re-inventing the wheel?

Currently sudo commands are logged, like so:

Jun 17 11:45:31 threepwood sudo: dpn : TTY=pts/1 ; PWD=/home/dpn ; USER=root ; COMMAND=/usr/bin/less /var/log/messages

Remember, however, that users with certain privileges can execute sudo -s or
sudo <shell> and get a shell. In this case, sudo will log starting the shell
but will not log any commands typed into it.

Dan

--
/--------------- - - - - - -
| Dan Noe, freelance hacker
| http://isomerica.net/
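
Added example, not part of the original message and not code from sudo: a small parser for the sudo syslog format quoted above that flags entries where sudo only recorded the start of a shell, which is the point at which the command trail ends. The shell list, the function names and all sample lines except the first are assumptions constructed for illustration.

```python
import os
import re

# Matches the sudo syslog format shown in the message above.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)

# Assumption: binaries treated as shells; adjust to the site's /etc/shells.
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}


def parse_sudo_line(line):
    """Return the fields of one sudo log line, or None if it is not one."""
    m = SUDO_RE.match(line.strip())
    return m.groupdict() if m else None


def opens_shell(event):
    """True when the logged command is a bare shell, so later commands go unlogged."""
    argv = event["command"].split()
    return len(argv) == 1 and os.path.basename(argv[0]) in SHELLS


def audit_gaps(lines):
    """Return parsed events where sudo only recorded the start of a shell."""
    events = (parse_sudo_line(l) for l in lines)
    return [e for e in events if e and opens_shell(e)]


# Constructed sample input; only the first line is taken from the message.
SAMPLE = [
    "Jun 17 11:45:31 threepwood sudo: dpn : TTY=pts/1 ; PWD=/home/dpn ; USER=root ; COMMAND=/usr/bin/less /var/log/messages",
    "Jun 17 11:52:02 threepwood sudo: dpn : TTY=pts/1 ; PWD=/home/dpn ; USER=root ; COMMAND=/bin/bash",
    "Jun 17 11:53:10 threepwood sshd[812]: Accepted publickey for dpn",
    "Jun 17 12:01:44 threepwood sudo: dpn : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c id",
]

if __name__ == "__main__":
    for e in audit_gaps(SAMPLE):
        print(f"{e['ts']} {e['host']}: {e['user']} started {e['command']} "
              f"as {e['runas']} on {e['tty']}; commands in this shell are not in syslog")
```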