Wednesday, June 26, 2013

Track the users who are using sudo

List of users who are using sudo:

If you are root on a server and several users are logged in to it, you should know what your users are doing.

There can be circumstances in which you simply can't disable the sudo facility, not because you don't know how, but because you have to give that functionality to the users.

You should know how to find the number of users, the currently logged-in users, and so on.

But some of your users can misuse the sudo facility. You should keep track of who is currently using sudo.

Fortunately, Linux can keep this record for you. By reading this log file, you can get the list of users who are using sudo.

If you are using Debian or Ubuntu, the location of the file is:
/var/log/auth.log

If you are using CentOS, Fedora or RHEL, the location of the file is:
/var/log/secure

If a user tries to remove his or her entry from the file, that act is itself entered in the file, so you can tell that the user has edited the log file and has done something nasty.
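
One way to read that log, as an added example that is not part of the original post: the script below counts successful and denied sudo attempts per user and lists sudo commands that name the log file itself. The function names and the sample lines are constructed for illustration; pass the path of your own log file as the first argument to use real data.

```shell
#!/bin/sh
# Constructed sample lines in the usual sudo syslog format (not from a real host).
sample_log() {
cat <<'EOF'
Jun 26 10:15:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun 26 10:15:01 web1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Jun 26 10:16:12 web1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun 26 10:17:40 web1 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun 26 10:20:05 web1 sudo:    alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log
Jun 26 10:21:00 web1 sshd[812]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
EOF
}

# sudo_summary FILE: print "user ok=N denied=N" for every user who invoked sudo.
sudo_summary() {
    awk '
    match($0, / sudo(\[[0-9]+\])?: +/) && /COMMAND=/ {
        rest = substr($0, RSTART + RLENGTH)      # "alice : TTY=... ; COMMAND=..."
        cut = index(rest, " : ")
        if (cut == 0) next
        user = substr(rest, 1, cut - 1)          # the invoking user
        detail = substr(rest, cut + 3)           # failure reason or TTY=...
        if (detail ~ /^(user NOT in sudoers|[0-9]+ incorrect password attempts?|command not allowed)/) { denied[user]++ } else { ok[user]++ }
        seen[user] = 1
    }
    END {
        for (u in seen) printf "%s ok=%d denied=%d\n", u, ok[u], denied[u]
    }' "$1" | sort
}

# sudo_log_touches FILE: print sudo entries whose command names the auth log itself.
sudo_log_touches() {
    grep -E ' sudo(\[[0-9]+\])?: .*COMMAND=.*/var/log/(auth\.log|secure)' "$1"
}

# Use the file given as $1 (e.g. /var/log/auth.log or /var/log/secure), else the sample.
if [ -r "${1:-}" ]; then
    sudo_summary "$1"; sudo_log_touches "$1"
else
    tmp=$(mktemp); sample_log > "$tmp"
    sudo_summary "$tmp"; sudo_log_touches "$tmp"
    rm -f "$tmp"
fi
```

Reading these log files normally requires root.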

