Centos-sudo detailed configuration and logs

Sudo introduction:
Sudo is a common tool in Linux that allows common users to use superuser permissions;
Sudo features:
<1> sudo can restrict users from running commands only on a host;
<2> sudo provides a wide range of logs, recording in detail what each user has done;
<3> sudo uses a timestamp file to execute a system similar to "check". When a user calls sudo and enters its password, the user obtains a ticket with a storage duration of 5 minutes (this value can be changed during compilation)
<4> the sudoers file is stored in the sudo configuration file at/etc/sudoers by default. The property must be 0411;
Configuration file:
Editing method: Vim; mongodo (this can check whether the configuration is correct)
Sudo mainly includes four alias settings {
Here, the master host_alias # host alias allows access from that host, for example, 192.168.1.1
Determine which commands are allowed to execute cmnd_alias # and add the absolute path. Example:/bin/RM
Alias user_alias # list of users with sudo Permissions
Ranas_alias # identity of the user, for example, root}
Application alias :{
Root all = (all) All
User (XXX) host alias (XXX) = identity alias (XXX) command alias (XXX)
Log configuration :{
<1> touch/var/log/sudo. log # create a log file
<2> Vim/etc/rsyslog. conf # edit the configuration file of the system log [local2.debug/var/log/sudo. log] system logs of centos6 and later versions are rsyslog. conf, the following is syslog}
<3> edit the sudo configuration file: {mongodo
Insert/ults logfile =/var/log/sudo. log at the bottom of the configuration file.
Defaults loglinelen = 0
Defaults! Rsyslog
<4> restart Log Service rsyslog restart}
Note: In some centos6.5 versions, calling rsyslog during mongodo configuration may fail. The solution is to call syslog, for example :! Syslog
Instance :{