CentOS 6.6 sudo日志配置

1. 查询syslog和sudo软件是否已安装

[root@wangning ~]# rpm-qa|egrep "sudo|syslog"

rsyslog-5.8.10-8.el6.x86_64

sudo-1.8.6p3-15.el6.x86_64

1. 配置/etc/sudoers文件

[root@wangning ~]# echo"Defaultslogfile=/var/log/sudo.log">>/etc/sudoers

1. 检查上条内容是否正确添加到了sudoers文件里

[root@wangning ~]# tail -1/etc/sudoers

Defaults logfile=/var/log/sudo.log

1. 检查sudoers文件语法是否正确

[root@wangning ~]# visudo -c

/etc/sudoers: parsed OK

1. 配置/etc/rsyslog.conf文件

[root@wangning ~]# echo"local2.debug/var/log/sudo.log">>/etc/rsyslog.conf

1. 检查上条内容是否正确添加到rsyslog.conf文件里

[root@wangning ~]# tail -1/etc/rsyslog.conf

local2.debug /var/log/sudo.log

1. 重启rsyslog服务

[root@wangning ~]#/etc/init.d/rsyslog restart

Shutting down systemlogger:[ OK ]

Starting system logger: [ OK ]

1. 查看是否自动生成了sudo.log文件，且sudo.log文件大小为0

[root@wangning ~]# ll/var/log/sudo.log

-rw------- 1 root root 02017-06-03 16:14 /var/log/sudo.log

1. 切换到普通用户oldboy，用sudo执行相应的命令查看查看sudo.log日志文件是否会记录信息

[oldboy@wangning ~]$ sudo ls /

[oldboy@wangning ~]$ sudo ls/var/log/sudo.log

[root@wangning ~]# cat/var/log/sudo.log

Jun 3 20:30:27 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls /

Jun 3 20:30:50 : user1 : command not allowed ;TTY=pts/0 ; PWD=/home/oldboy ;

USER=root ; COMMAND=/var/log/sudo.log

Jun 3 20:31:00 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls /var/log/sudo.log

Jun 3 20:31:10 : user1 : TTY=pts/0 ;PWD=/home/oldboy ; USER=root ;

COMMAND=/bin/ls -l /var/log/sudo.log

1. sudo.log文件里用相应的普通用户sudo操作信息，证明已配置成功哦