Environment: Ubuntu 12.04 Server.
sudo permission assignments are managed using Visudo. Examples are available under/usr/share/doc/sudo/examples/sample.sudoers. Baidu Encyclopedia has a detailed introduction of sudo and the use of Visudo instructions.
Baidu Encyclopedia: Sudo http://baike.baidu.com/view/1138183.htm
Because the Rsyslog (Remote System Log) is used in Ubuntu12.04, it is the upgraded version of Syslog, but using the same method as syslog, much of the information found on the Internet is said to be modified/etc/ syslog.conf files (which are used in many other versions of Linux and earlier versions of Ubuntu), actually modifying the/etc/rsyslog.conf is the same.
1. Configure/etc/rsyslog.conf
To add one line to: local2.debug/var/log/sudo.log (tab-delimited in the middle)
2.root user executes Visudo modify/etc/sudoers file:
In which to add:
##
# Override Built-in Defaults
##
Defaults Syslog=auth
Defaults>all! Set_logname
Defaults:fulltimers!lecture
Defaults:millert!authenticate
Defaults@servers Log_year, Logfile=/var/log/sudo.log
defaults! Pagers noexec
Defaults Logfile=/var/log/sudo.log
3. Restart Rsyslog
Service Rsyslog Restart
4. Inspection
You can see that the Sudo.log file is generated under/var/log, and the record for the wrong sudo operation is as follows:
tsli@ubuntu:/usr/lib$ sudo ls
[sudo] password for TSLI:
Tsli is isn't in the sudoers file. This incident would be reported.
See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/OS/Linux/