| 1 |
On Thu, Jun 17, 2004 at 08:44:25AM -0700, Jason Qualkenbush wrote: |
| 2 |
> Is there a way to get commands entered by root or even sudo commands |
| 3 |
> into syslog? This way I can use syslog-ng to create a central log file |
| 4 |
> for review or even use swatch to alert on suspicious commands. If the |
| 5 |
> commands end up in the history file, there should be a way to get them |
| 6 |
> into syslog, right? Or is this re-inventing the wheel? |
| 7 |
|
| 8 |
Currently sudo commands are logged, like so: |
| 9 |
|
| 10 |
Jun 17 11:45:31 threepwood sudo: dpn : TTY=pts/1 ; PWD=/home/dpn ; USER=roo |
| 11 |
t ; COMMAND=/usr/bin/less /var/log/messages |
| 12 |
|
| 13 |
Remember, however, that uses with certain priveledges can execute sudo -s or |
| 14 |
sudo <shell> and get a shell. In this case, sudo will log starting the shell |
| 15 |
but will not log any commands typed into it. |
| 16 |
|
| 17 |
Dan |
| 18 |
|
| 19 |
-- |
| 20 |
/--------------- - - - - - - |
| 21 |
| Dan Noe, freelance hacker |
| 22 |
| http://isomerica.net/ |
Archives