07-14-2008
sudo or su logging
Jul 14 08:02:40 servera sshd[18240]: Accepted keyboard-interactive/pam for someuser from x.x.x.x port 1406 ssh2
Jul 14 08:02:48 servera su: - 1 someuser-root
Jul 14 08:03:03 servera sudo: someuser : TTY=pts/1 ; PWD=/home/someuser ; USER=root ; COMMAND=/usr/bin/su -
Jul 14 08:03:03 servera su: + 1 someuser-root
Line 1 - SSH to the server
Line 2 - invalid password "sudo su -"
Line 3,4 - Successful "sudo su -"
I would like to be able to link a failed "sudo su -" to the ssh login, but there is no data other than username.
If a user is logged in multiple times or from multiple locations there is no way to differentiate the logins.
We currently have a report emailed to us letting us know this data to determine if some users are trying to run commands they are not supposed to, but management wants more info, like hostname and/or IP address of the user at the time the command was run.
Anyone have any ideas how to add log details for sudo or su?
sudolog only shows:
SU 07/14 08:17 + 0 someuser-root
SU 07/14 08:53 + 1 someuser-root
syslog.log only shows:
Jul 14 08:02:40 servera sshd[18240]: Accepted keyboard-interactive/pam for someuser from x.x.x.x port 1406 ssh2
Jul 14 08:02:48 servera su: - 1 someuser-root
Jul 14 08:03:03 servera sudo: someuser : TTY=pts/1 ; PWD=/home/someuser ; USER=root ; COMMAND=/usr/bin/su -
Jul 14 08:03:03 servera su: + 1 someuser-root
Thanks,
Kyle
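The correlation asked about above, as an added example that is not part of the original post: it joins each su/sudo event to the sshd "Accepted" lines for the same user and marks the event ambiguous when more than one source address is possible, which is the limitation the post describes. The sample log is constructed in the format of the quoted lines (documentation-range addresses), and the year and the 12-hour look-back window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the syslog lines quoted in the post;
# the addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
Jul 14 07:55:10 servera sshd[18101]: Accepted keyboard-interactive/pam for otheruser from 192.0.2.10 port 1398 ssh2
Jul 14 08:02:40 servera sshd[18240]: Accepted keyboard-interactive/pam for someuser from 192.0.2.25 port 1406 ssh2
Jul 14 08:02:48 servera su: - 1 someuser-root
Jul 14 08:03:03 servera sudo: someuser : TTY=pts/1 ; PWD=/home/someuser ; USER=root ; COMMAND=/usr/bin/su -
Jul 14 08:03:03 servera su: + 1 someuser-root
Jul 14 08:10:00 servera sshd[18302]: Accepted keyboard-interactive/pam for someuser from 198.51.100.7 port 2210 ssh2
Jul 14 08:11:30 servera su: - 2 someuser-root
"""

HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\w+)(?:\[\d+\])?: (.*)$")
SSHD = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")
SU = re.compile(r"([+-]) (\S+) ([^-\s]+)-(\S+)$")  # assumes no '-' in the source user name
SUDO = re.compile(r"(\S+) : TTY=(\S+) ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.*)$")

def correlate(text, year=2008, window=timedelta(hours=12)):
    """Attach candidate SSH source addresses to every su/sudo event."""
    logins, events = {}, []  # logins: user -> [(time, ip)]
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        prog, msg = m[3], m[4]
        if prog == "sshd" and (s := SSHD.search(msg)):
            logins.setdefault(s[1], []).append((ts, s[2]))
            continue
        if prog == "su" and (s := SU.search(msg)):
            user, what = s[3], ("su ok" if s[1] == "+" else "su FAILED")
        elif prog == "sudo" and (s := SUDO.search(msg)):
            user, what = s[1], "sudo " + s[4]
        else:
            continue
        # Every accepted login of this user inside the window is a possible origin.
        ips = sorted({ip for t, ip in logins.get(user, []) if ts - window <= t <= ts})
        events.append({"time": ts, "user": user, "event": what,
                       "sources": ips, "ambiguous": len(ips) != 1})
    return events

if __name__ == "__main__":
    for e in correlate(SAMPLE):
        print(e["time"], e["user"], e["event"], e["sources"], "AMBIGUOUS" if e["ambiguous"] else "")
```

With only the fields shown in the post, the last event in the sample cannot be pinned to one address, because the sshd line carries no TTY to join against the sudo line's TTY= field.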