linux sudo log

由于管理的服务器不多，而且都是我一个人管，但公司发展越来越快，服务器也越来越多，人手也添加了，但不能一直都用root账号人手一份，为了安全和管理控制，决定部署sudo。sudo默认安装在系统里，配置日志文件跟踪的时候遇到问题，无论怎么操作，就是不能写入sudo日志。参考了网上的N多文章，都不能解决问题，其中的奥秘就在于他们都省略了一步。所以部署东西，最好还是先看官方文档为先，遇到小部份难题在google为好。

一、实验环境

# cat /etc/redhat-release
CentOS release 5.5 (Final)
# rpm -qa | grep sudo
sudo-1.7.2p1-5.el5
[root@CentOS-A log]# rpm -ql sudo
/usr/share/doc/sudo-1.7.2p1/sample.sudoers
/usr/share/doc/sudo-1.7.2p1/sample.syslog.conf

二、参考资料

注：留意我标明红色的地方，这些是成功配置所在。

[root@CentOS-A ~]# cat /usr/share/doc/sudo-1.7.2p1/sample.sudoers
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# $Sudo: sample.sudoers,v 1.29 2008/10/03 19:55:57 millert Exp $
##
# Override built-in defaults
##
Defaults syslog=auth
Defaults>root !set_logname
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec
##
# User alias specification
##
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
##
# Runas alias specification
##
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
##
# Host alias specification
##
Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
SGI = grolsch, dandelion, black:\
ALPHA = widget, thalamus, foobar:\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
##
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
/usr/sbin/rrestore, /usr/bin/mt
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
# full time sysadmins can run anything on any machine without a password
FULLTIMERS ALL = NOPASSWD: ALL
# part time sysadmins may run anything but need a password
PARTTIMERS ALLALL = ALL
# jack may run anything on machines in CSNETS
jack CSNETS = ALL
# lisa may run any command on any host in CUNETS (a class B network)
lisa CUNETS = ALL
# operator may run maintenance commands and anything in /usr/oper/bin/
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
joe ALL = /usr/bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
bob SPARC = (OP) ALL : SGI = (OP) ALL
# jim may run anything on machines in the biglab netgroup
jim +biglab = ALL
# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL
# on the alphas, john may su to anyone but root and flags are not allowed
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
jen ALL, !SERVERS = ALL
# jill can run any commands in the directory /usr/bin/, except for
# those in the SU and SHELLS aliases.
jill SERVERS = /usr/bin/, !SU, !SHELLS
# steve can run any command in the directory /usr/local/op_commands/
# as user operator.
steve CSNETS = (operator) /usr/local/op_commands/
# matt needs to be able to kill things on his workstation when
# they get hung.
matt valkyrie = KILL
# users in the WEBMASTERS User_Alias (will, wendy, and wim)
# may run any command as user www (which owns the web pages)
# or simply su to www.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM

[root@CentOS-A ~]# cat /usr/share/doc/sudo-1.7.2p1/sample.syslog.conf
# This is a sample syslog.conf fragment for use with Sudo.
#
# Sudo logs to local2 by default, but this is changable via the
# --with-logfac configure option. To see what syslog facility
# a sudo binary uses, run `sudo -V' as *root*. You may have
# to check /usr/include/syslog.h to map the facility number to
# a name.
#
# NOTES:
# The whitespace in the following line is made up of <TAB>
# characters, *not* spaces. You cannot just cut and paste!
#
# If you edit syslog.conf you need to send syslogd a HUP signal.
# Ie: kill -HUP process_id
#
# Syslogd will not create new log files for you, you must first
# create the file before syslogd will log to it. Eg.
# 'touch /var/log/sudo'
#
# $Sudo: sample.syslog.conf,v 1.3 2004/10/01 14:58:15 millert Exp $
# This logs successful and failed sudo attempts to the file /var/log/sudo
local2.debug /var/log/sudo
# To log to a remote machine, use something like the following,
# where "loghost" is the name of the remote machine.
local2.debug @loghost

三、完整配置

3.1.配置sudo日志文件

＃touch /var/log/sudo.log

3.2.修改/etc/syslog.conf配置文件

local2.debug /var/log/sudo.log #空白处不能用空格键,必需用tab键

3.3、修改/etc/sudoers配置文件

注：不要手动修改配置文件，用visudo命令修改，好处是修改出错，保存会弹出错误提示信息，方便排错。

＃visudo
efaults logfile=/var/log/sudo.log #添加这一行

3.4、重启syslog服务

# ps -aux | grep syslog
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root 10367 0.0 0.1 1728 612 ? Ss 23:10 0:00 syslogd -m 0
root 10437 0.0 0.1 3920 688 pts/1 R+ 23:41 0:00 grep syslog
# kill -HUP 10367
＃/etc/init.d/syslog restart

四、成功测试

# cat /var/log/sudo.log
Dec 14 23:07:39 : firerat : TTY=pts/0 ; PWD=/home/firerat ; USER=root ;
COMMAND=/bin/cat /etc/passwd

临高人社区：http://www.lingaoren.com

linux sudo log相关推荐

linux sudo命令全称,linux sudo命令的概念与使用
1.sudo介绍本文引用地址:http://www.eepw.com.cn/article/201610/305498.htm sudo是linux下常用的允许普通用户使用超级用户权限的工具,允许系统 ...
Linux sudo命令的概念与使用
1.sudo介绍 sudo是linux下常用的允许普通用户使用超级用户权限的工具,允许系统管理员让普通用户执行一些或者全部的root命令,如halt,reboot,su等等.这样不仅减少了root用户 ...
linux sudo 权限_在Linux中使用sudo委派权限
linux sudo 权限我最近写了一个简短的Bash程序,将MP3文件从一个网络主机上的USB拇指驱动器复制到另一网络主机上. 这些文件被复制到我为志愿者组织运行的服务器上的特定目录中,从该目录可 ...
Linux 新建log文件
Linux 新建log文件家目录下创建log文件(新文件) 在uwsgi.ini文件中添加 root : 家目录,新文件创建在那个目录下就写那个目录 logto = /root/uwsgi_log. ...
linux sudo命令
Linux sudo命令正在上传-重新上传取消 Linux 命令大全 Linux sudo命令以系统管理者的身份执行指令,也就是说,经由 sudo 所执行的指令就好像是 root 亲自执行. 使用 ...
linux用户的vim命令无效,Linux SUDO Bug可让您以root用户身份运行命令，大多数命令不受影响...
已发现Linux sudo命令中的漏洞,该漏洞可能允许非特权用户以root用户身份执行命令.幸运的是,此漏洞仅在非标准配置中有效,并且大多数Linux服务器不受影响. 在获得此漏洞之前,重要的是要掌握 ...
Linux sudo 被曝提权漏洞，任意用户均能以 root 身份运行命令
Linux 用户请注意!根据外媒的报道,Linux sudo 被曝出存在一个提权漏洞,可完全绕过 sudo 的安全策略. 先简单说明一下情况,报道指出 sudo 存在一个安全策略隐患,即便" ...
linux日志切割命令,Linux 服务器log日志切割三种方法【附命令行】
今天爱分享给大家带来Linux 服务器log日志切割方法[三种附命令行],希望能够帮助到大家. 业务服务器上产生了一个 10G 的log文件,然后很悲催的是什么样的文本编辑器都打不开,然后只能切分一下 ...
Linux查看log日志命令总结
@Linux查看日志 Linux查看log日志命令总结企业项目都运行在Linux环境,熟悉Linux环境下的日志查看结合远程调试端口及时排查程序bug,是后端程序员需掌握的必备技能. 1,动态实时查 ...

linux sudo log

linux sudo log相关推荐

最新文章

热门文章