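Sudo lets ordinary users run certain commands that only root can execute. To make it easier to review how users are using sudo, configure a dedicated sudo log.
First, switch to a root shell:

    [root@www ~]# visudo  # this actually edits /etc/sudoers; editing /etc/sudoers directly performs no syntax check, so use visudo

The contents are as follows (user byrd is granted all privileges):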

    ## Next comes the main part: which users can run what software on
    ## which machines (the sudoers file can be shared between multiple
    ## systems).
    ## Syntax:
    ##
    ##      user    MACHINE=COMMANDS
    ##
    ## The COMMANDS section may have other options added to it.
    ##
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL
    byrd    ALL=(ALL)       ALL

    ## Allows members of the 'sys' group to run networking, software,
    ## service management apps and more.
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

    ## Allows people in group wheel to run all commands
    # %wheel        ALL=(ALL)       ALL

    ## Same thing without a password
    # %wheel        ALL=(ALL)       NOPASSWD: ALL

Try switching to root:

    [root@www ~]# visudo
    visudo: /etc/sudoers.tmp unchanged
    [root@www ~]# su - byrd
    [byrd@www ~]$ sudo su -
    [sudo] password for byrd:
    [root@www ~]#

Add sudo logging:
①: Create the sudo.log file

    [root@www ~]# touch /var/log/sudo.log  # create the sudo log file

②: Add the log output to /etc/sudoers

    [root@www ~]# visudo
    Append at the end:
    Defaults logfile=/var/log/sudo.log  # add the log output path

③: Edit the system log configuration file

    [root@www ~]# vi /etc/rsyslog.conf  # edit the system log configuration
    Add:
    local2.debug	/var/log/sudo.log  # use a TAB after debug
    [root@nginx ~]# service rsyslog restart  # restart the system log service
    Shutting down system logger: [ OK ]
    Starting system logger: [ OK ]
    [byrd@nginx ~]$ cat /var/log/sudo.log
    Mar 31 08:53:00 : byrd : TTY=pts/0 ; PWD=/home/byrd ; USER=root ; COMMAND=/bin/su -
    Mar 31 08:56:29 : byrd : TTY=pts/0 ; PWD=/home/byrd ; USER=root ; COMMAND=/bin/ls

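Step ③ can be omitted: with Defaults logfile set, sudo writes to /var/log/sudo.log directly and does not rely on rsyslog for it.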
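
An added example (not part of the original article): a Python parser for the /var/log/sudo.log format shown above. It rejoins wrapped entries and flags root shells such as sudo su -, after which sudo logs nothing further. The sample log, the user alice, and the SHELLS list are constructed assumptions.

```python
import re

# Constructed sample in the sudo.log format shown above. sudo wraps file-log
# entries at 80 columns by default (loglinelen) and indents the continuation.
SAMPLE_LOG = """\
Mar 31 08:53:00 : byrd : TTY=pts/0 ; PWD=/home/byrd ; USER=root ;
    COMMAND=/bin/su -
Mar 31 08:56:29 : byrd : TTY=pts/0 ; PWD=/home/byrd ; USER=root ;
    COMMAND=/bin/ls
Mar 31 09:02:11 : byrd : TTY=pts/0 ; PWD=/home/byrd ; USER=root ;
    COMMAND=/bin/bash -c id ; uname -a
Mar 31 09:10:45 : alice : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/alice ;
    USER=root ; COMMAND=/bin/su -
"""

ENTRY = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) : (\S+) : (.*)$")
SHELLS = {"su", "sh", "bash", "zsh", "ksh", "csh"}  # assumption: list to flag

def parse_sudo_log(text):
    """Join wrapped lines, then split each entry into a dict of its fields."""
    joined = []
    for line in text.splitlines():
        if line[:1].isspace() and joined:   # indented: continues previous entry
            joined[-1] += " " + line.strip()
        elif line.strip():
            joined.append(line.rstrip())
    entries = []
    for line in joined:
        m = ENTRY.match(line)
        if not m:
            continue                        # not a sudo log entry
        rec = {"time": m.group(1), "user": m.group(2), "error": None}
        # COMMAND is the last field and may contain " ; " itself: cut it first.
        head, found, cmd = m.group(3).partition("COMMAND=")
        rec["COMMAND"] = cmd if found else None
        for field in filter(None, (f.strip() for f in head.split(";"))):
            key, eq, value = field.partition("=")
            if eq:
                rec[key] = value
            else:
                rec["error"] = field        # e.g. "user NOT in sudoers"
        entries.append(rec)
    return entries

def root_shells(entries):
    """Successful entries that started a shell as root. sudo records only the
    command it launched, so what is typed inside that shell is not logged."""
    hits = []
    for e in entries:
        argv = (e["COMMAND"] or "").split()
        prog = argv[0].rsplit("/", 1)[-1] if argv else ""
        if e["error"] is None and e.get("USER") == "root" and prog in SHELLS:
            hits.append(e)
    return hits
```

Run root_shells(parse_sudo_log(open("/var/log/sudo.log").read())) as a user who can read the log; entries that are not wrapped are parsed the same way.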
Statement: This article is an original work by BYRD (based on CentOS 6.4 x64). Reproduction without permission is prohibited. Source: Byrd's Weblog - https://note.t4x.org/system/sudo-log-config/