I'm not told to use the root user to perform activities that do not require it. I've configured sudo for myself and for other web developers so that they can restart MySQL or Apache web server. How do I send email when sudo run by one of my user? How do I keep track of user login done via sudo command?
sudo does greatly enhances the security of the system without sharing root password with other users and admins. sudo provides simple auditing and tracking features too.
Configure sudo To Send E-mail
Sudo can be configured to to send e-mail when the sudo command is used. Open /etc/sudoers file, enter:
# vi /etc/sudoers
Configure alter email id:
mailto "email@example.com" mail_always on
- mailto "firstname.lastname@example.org" : Your email id.
- mail_always : Send mail to the mailto user every time a users runs sudo. This flag is off by default.
|mail_badpass||Send mail to the mailto user if the user running sudo does not enter the correct password. This flag is off by default.|
|mail_no_host||If set, mail will be sent to the mailto user if the invoking user exists in the sudoers file, but is not allowed to run commands on the current host. This flag is off by default.|
|mail_no_perms||If set, mail will be sent to the mailto user if the invoking user is allowed to use sudo but the command they are trying is not listed in their sudoers file entry or is explicitly denied. This flag is off by default.|
|mail_no_user||If set, mail will be sent to the mailto user if the invoking user is not in the sudoers file. This flag is on by default.|
By default, sudo logs vis syslog. You can see sudo log in /var/log/auth.log (Debian / Ubuntu) or /var/log/secure (Redhat and friends). However, you can set path to the sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. Type the following command to edit the file:
# sudoedit /etc/sudoers
Set path to log file:
Defaults !lecture,tty_tickets,!fqdn,!syslog Defaults logfile=/var/log/sudo.log
Save and close the file. To see logs type:
# tail -f /var/log/sudo.log
# egrep -i 'foo' /var/log/sudo.log
# egrep -i 'user1|user2|cmd2' /var/log/sudo.log
Jul 1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash Jul 1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=sudoedit /etc/sudoers