sudo log files
Post 302156734 by Katkota on Tuesday 8th of January 2008 11:41:26 PM, in UNIX for Dummies Questions & Answers

Folks,
I just set up sudo on Solaris 10 through the "sudoer" file.
Now I try to look at the log files under /var/log/syslog to see any user activities, and all I see is whether someone tried to run "sudo -u root tcsh" and got an error or was successful. But I don't see any activities. For example:
if a user used: sudo chmod 755 /etc/passwd
and he was successful, I don't see any logs for this activity anywhere.

Any help?
 

logadm_selinux(8)					logadm SELinux Policy documentation					 logadm_selinux(8)

NAME
       logadm_r - Log administrator role - Security Enhanced Linux Policy

DESCRIPTION
       SELinux supports Roles Based Access Control (RBAC). Some Linux roles are login roles, while other roles need to be transitioned into.

       Note: Examples in this man page will use the staff_u SELinux user.

       Non login roles are usually used for administrative tasks. For example, tasks that require root privileges. Roles control which types a user can run processes with. Roles often have default types assigned to them.

       The default type for the logadm_r role is logadm_t.

       The newrole program can be used to transition directly to this role:

              newrole -r logadm_r -t logadm_t

       sudo is the preferred method to transition from one role to another. You set up sudo to transition to logadm_r by adding a line similar to the following to the /etc/sudoers file:

              USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND

       sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL

       When using a non login role, you need to set up SELinux so that your SELinux user can reach the logadm_r role.

       Execute the following to see all of the assigned SELinux roles:

              semanage user -l

       You need to add logadm_r to the staff_u user. You could set up the staff_u user to be able to use the logadm_r role with a command like:

              $ semanage user -m -R 'staff_r system_r logadm_r' staff_u

BOOLEANS
       SELinux policy is customizable based on least access required. logadm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run logadm with the tightest access possible.

       If you want to allow users to resolve user passwd entries directly from ldap rather than using a sssd server, you must turn on the authlogin_nsswitch_use_ldap boolean. Disabled by default.

              setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to deny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla, you must turn on the deny_execmem boolean. Enabled by default.

              setsebool -P deny_execmem 1

       If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default.

              setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

              setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default.

              setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

              setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

              setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

              setsebool -P kerberos_enabled 1

       If you want to allow logging in and using the system from /dev/console, you must turn on the login_console_enabled boolean. Enabled by default.

              setsebool -P login_console_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

              setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.

              setsebool -P nscd_use_shm 1

       If you want to disallow programs, such as newrole, from transitioning to administrative user domains, you must turn on the secure_mode boolean. Enabled by default.

              setsebool -P secure_mode 1

       If you want to allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean. Enabled by default.

              setsebool -P selinuxuser_execstack 1

       If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean. Disabled by default.

              setsebool -P ssh_sysadm_login 1

       If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean. Disabled by default.

              setsebool -P use_nfs_home_dirs 1

       If you want to support SAMBA home directories, you must turn on the use_samba_home_dirs boolean. Disabled by default.

              setsebool -P use_samba_home_dirs 1

       If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean. Disabled by default.

              setsebool -P xdm_sysadm_login 1

MANAGED FILES
       The SELinux process type logadm_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note that the process's UID still needs to have DAC permissions.

       auditd_etc_t
            /etc/audit(/.*)?

       auditd_log_t
            /var/log/audit(/.*)?
            /var/log/audit.log.*

       auditd_unit_file_t
            /usr/lib/systemd/system/auditd.*

       auditd_var_run_t
            /var/run/auditd.pid
            /var/run/auditd_sock
            /var/run/audit_events

       klogd_tmp_t

       klogd_var_run_t
            /var/run/klogd.pid

       logfile
            all log files

       syslog_conf_t
            /etc/syslog.conf
            /etc/rsyslog.conf
            /etc/rsyslog.d(/.*)?

       syslogd_tmp_t

       syslogd_var_lib_t
            /var/lib/r?syslog(/.*)?
            /var/lib/syslog-ng(/.*)?
            /var/lib/syslog-ng.persist
            /var/lib/misc/syslog-ng.persist-?

       syslogd_var_run_t
            /var/run/log(/.*)?
            /var/run/syslog-ng.ctl
            /var/run/syslog-ng(/.*)?
            /var/run/systemd/journal(/.*)?
            /var/run/metalog.pid
            /var/run/syslogd.pid

       systemd_passwd_var_run_t
            /var/run/systemd/ask-password(/.*)?
            /var/run/systemd/ask-password-block(/.*)?

COMMANDS
       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans.

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR
       This manual page was auto-generated using sepolicy manpage.

SEE ALSO
       selinux(8), logadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8), setsebool(8)

mgrepl@redhat.com                         logadm                         logadm_selinux(8)
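
An added example, not part of the man page or the forum post: the DESCRIPTION section needs two things to line up for a sudo role transition, a ROLE=/TYPE= entry in /etc/sudoers and the role being assigned to the SELinux user, and this Python script cross-checks them. The `semanage user -l` listing, the sudoers lines, the user names and both function names are constructed for illustration, and the foo_r to foo_t check is a naming convention, not a policy lookup.

```python
import re

# Constructed sample of `semanage user -l` output (not captured from a real host).
SEMANAGE_USER_L = """\
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r system_r
user_u          user       s0         s0                             user_r
"""

# Constructed sudoers lines in the form the man page gives; user names are made up.
SUDOERS = """\
# log administrators
alice ALL=(ALL) ROLE=logadm_r TYPE=logadm_t /usr/bin/less /var/log/messages
bob   ALL=(ALL) ROLE=logadm_r TYPE=sysadm_t /usr/bin/less /var/log/messages
carol ALL=(ALL) /usr/bin/less /var/log/messages
"""

def roles_by_selinux_user(listing):
    """Map each SELinux user to the set of roles shown by `semanage user -l`."""
    table = {}
    for line in listing.splitlines():
        fields = line.split()
        roles = {f for f in fields[4:] if f.endswith("_r")}
        if roles:  # header and blank lines carry no *_r fields
            table[fields[0]] = roles
    return table

def audit_sudoers(sudoers, listing, selinux_user="staff_u"):
    """Return (line_no, problem) for ROLE=/TYPE= specs that cannot work as written."""
    reachable = roles_by_selinux_user(listing).get(selinux_user, set())
    findings = []
    for no, line in enumerate(sudoers.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        role = re.search(r"\bROLE=(\w+)", line)
        typ = re.search(r"\bTYPE=(\w+)", line)
        if not role:
            continue  # no SELinux spec on this line
        if role.group(1) not in reachable:
            findings.append((no, f"{selinux_user} cannot reach {role.group(1)}"))
        # Naming convention only (foo_r -> foo_t); the loaded policy is the authority.
        if typ and typ.group(1) != role.group(1)[:-2] + "_t":
            findings.append((no, f"TYPE {typ.group(1)} is not the default for {role.group(1)}"))
    return findings
```

On a real host the listing would come from running `semanage user -l` as root; with the constructed data, both logadm_r entries are flagged until logadm_r is added to staff_u as the man page's `semanage user -m -R` command does.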