SUDO: Detailed command logging
05-25-2009 12:39 AM
Requirement: After a user logs in with sudo, each of the commands executed by the user should be logged either in syslog or a separate log file.
I checked through a lot of forum posts but could not find a working response.
sudoers file listed below
#########################################
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults logfile=/var/run/sudo/sudo.log
# Runas alias specification
# User privilege specification
root ALL=(ALL) SETENV: ALL
# Uncomment to allow people in group wheel to run all commands
# and set environment variables.
# %wheel ALL=(ALL) SETENV: ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
stony bkpsvr=/usr/bin/rlogin,/usr/lbin/remshd,/usr/sbin/cmviewcl, /usr/sbin/cmviewcl -v, /usr/sbin/dmesg, /usr/sbin/vxdmpadm listctlr all, /usr/sbin/sam, /usr/sbin/swinstall, /opt/contrib/bin/nickel, /usr/bin/gsp, /sbin/ioscan, /opt/ignite/bin/make_tape_recovery
############################################
Contents of the generated log file /var/run/sudo/sudo.log
###########################################
root@bkpsvr#cat /var/run/sudo/sudo.log
May 25 12:52:12 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ; USER=root
; COMMAND=/usr/bin/rlogin bkpsvr
May 25 13:07:26 : hpce : HOST=bkpsvr : TTY=pts/1 ; PWD=/home/stony ; USER=root
; COMMAND=/bin/rlogin bkpsvr
###########################################
The log file only lists the timestamp when I tried to run a command.
What I want is for sudo to tell me what command was executed, e.g. cmviewcl / swlist etc.
What option should be included to enable detailed logging?
Thanks.
05-25-2009 12:57 AM
Re: SUDO: Detailed command logging
You can get detailed logs in the same file, /var/adm/syslog/syslog.log.
However, you should check the logfile location through
visudo
and see if the logfile= option has been set. As mentioned, the syslog file (/var/adm/syslog/syslog.log) will have the details, but check /etc/syslog.conf for syslog options too.
Thanks,
05-25-2009 01:24 AM
Re: SUDO: Detailed command logging
sudo already logs commands. Check the COMMAND line in the log. It just does not log directions ( > )
05-25-2009 02:26 AM
Re: SUDO: Detailed command logging
The log option we use is
Defaults syslog=auth
Defaults log_year,logfile=/var/adm/syslog/sudo.log
Defaults !set_logname
This will give almost the same output as yours, with the year.
>>>What I want sudo is to tell me, what command was executed eg cmviewcl / swlist etc.
Your log file is showing the command executed!!!
###########################################
root@bkpsvr#cat /var/run/sudo/sudo.log
May 25 12:52:12 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ; USER=root
; COMMAND=/usr/bin/rlogin bkpsvr
May 25 13:07:26 : hpce : HOST=bkpsvr : TTY=pts/1 ; PWD=/home/stony ; USER=root
; COMMAND=/bin/rlogin bkpsvr
###########################################
>>The log file only lists the timestamp when I tried to run a command.
Thanks!!
Johnson
05-25-2009 03:46 AM
Re: SUDO: Detailed command logging
You gave the information
the log option we use is
Defaults syslog=auth
Defaults log_year,logfile=/var/adm/syslog/sudo.log
Defaults !set_logname
Where is that file???
In my server there is no file like var/run/sudo/sudo.log
Regards
Sunny
тАО05-25-2009 04:00 AM
тАО05-25-2009 04:00 AM
Re: SUDO: Detailed commad logging
I guess i didnt get u correctly :-(
the log option should be included in th sudoers file using visudo
your below statement confusing me ..
********************************
Stony >>>>>>############################################
contents of the log file generate /var/run/sudo/sudo.log
###########################################
root@bkpsvr#cat /var/run/sudo/sudo.log
May 25 12:52:12 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ; USER=root
; COMMAND=/usr/bin/rlogin bkpsvr
May 25 13:07:26 : hpce : HOST=bkpsvr : TTY=pts/1 ; PWD=/home/stony ; USER=root
; COMMAND=/bin/rlogin bkpsvr
###########################################
The log file only lists the timestamp when I tried to run a command.
What I want sudo is to tell me, what command was executed eg cmviewcl / swlist etc.
stony>>In my server there is no file like var/run/sudo/sudo.log
********************************************
Now you are saying that you could not find the
var/run/sudo/sudo.log file .. then from where did you get the log??? (see your first post)
Johnson
05-26-2009 03:07 AM
Re: SUDO: Detailed command logging
Just type visudo at the prompt:
# visudo
You will be presented with a vi-like editor which edits the /etc/sudoers file.
There should be some lines like:
Defaults syslog=auth
Defaults log_year,logfile=/var/adm/syslog/sudo.log
Defaults !set_logname
If you cannot find these then insert them.
After that you'll find the logfile here:
/var/adm/syslog/sudo.log
Unix operates with beer.
05-26-2009 05:27 AM
Solution
If what you are asking is "How do I make the sudo log record all commands entered once the rlogin is accepted?" I believe the answer is "You don't".
Sudo will log the command presented to it...subsequent commands are executed by regular shells.
There used to be a "sudosh" package that had keystroke logging, but it appears not to have been active in a long time.
Commercial products, such as PowerBroker from Symark, offer that capability as well, but I find their playback facilities of limited utility.
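An added example, not part of the original reply: a small Python parser for the sudo logfile format shown in this thread. It joins wrapped entries and flags the commands after which, as the answer above explains, sudo records nothing further because a shell or remote session takes over. The `INTERACTIVE` set and the sample lines are assumptions constructed for illustration.

```python
import re

# A record starts with a timestamp such as "May 25 12:52:12 : " (a year
# follows the time when log_year is set); any other line continues the
# previous record, because sudo wraps long logfile entries.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?: \d{4})? : ")

# Assumption: programs that hand the user an interactive session or a shell
# escape. Adjust to the commands your own sudoers file grants.
INTERACTIVE = {"rlogin", "sam", "su", "sh", "ksh", "csh", "bash", "vi"}

def parse_sudo_log(text):
    """Return one dict per sudo logfile record, joining wrapped lines."""
    joined = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not joined:
            joined.append(line.strip())
        elif line.strip():
            joined[-1] += " " + line.strip()
    records = []
    for rec in joined:
        if not RECORD_START.match(rec):
            continue  # text before the first real record
        when, _, rest = rec.partition(" : ")
        user, _, rest = rest.partition(" : ")
        meta, _, command = rest.partition("COMMAND=")
        fields = dict(re.findall(r"(HOST|TTY|PWD|USER)=([^ ;:]+)", meta))
        words = command.split()
        program = words[0].rsplit("/", 1)[-1] if words else ""
        records.append({"when": when, "user": user, "runas": fields.get("USER"),
                        "tty": fields.get("TTY"), "command": command.strip(),
                        "untracked": program in INTERACTIVE})
    return records

def session_handoffs(text):
    """Records after which sudo logs nothing more of what the user typed."""
    return [r for r in parse_sudo_log(text) if r["untracked"]]

# Constructed sample in the logfile format shown in the thread.
SAMPLE = """\
May 25 12:52:12 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ; USER=root
; COMMAND=/usr/bin/rlogin bkpsvr
May 25 12:58:40 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ; USER=root
; COMMAND=/usr/sbin/cmviewcl -v
May 25 13:02:05 : stony : HOST=bkpsvr : TTY=pts/tb ; PWD=/home/stony ;
    USER=root ; COMMAND=/usr/sbin/sam
"""
```

Calling `session_handoffs(SAMPLE)` returns the `rlogin` and `sam` entries; the `cmviewcl -v` entry is fully described by its log line and is not flagged.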
05-27-2009 03:30 AM
Re: SUDO: Detailed command logging
On closer analysis of my sudo configuration, I find that sudo logs my attempt to rlogin while the rest of the commands are being run by the subshell.
Thanks 'old School' for your observation.
An additional query -- apart from the commercial products, can we configure command logging for all user activity in syslog?
I will not mind scanning the syslog once a day to find if someone is acting smart.
Thanks again.
05-27-2009 03:41 AM
Re: SUDO: Detailed command logging
This is a very popular request. Unfortunately, the answer is no. The only logging available for individual users' commands is their shell history file, which WILL show you all the commands they entered, but will NOT have any date/time stamps, and CAN be altered by the users themselves (since they have to have write permissions, obviously) to hide their tracks.
Pete