I'm not told to use the root user to perform activities that do not require it. I've configured sudo for myself and for other web developers so that they can restart MySQL or the Apache web server. How do I send email when sudo is run by one of my users? How do I keep track of user logins done via the sudo command?
sudo greatly enhances the security of the system because the root password does not have to be shared with other users and admins. sudo provides simple auditing and tracking features too.
Configure sudo To Send E-mail
Sudo can be configured to send e-mail when the sudo command is used. Open the /etc/sudoers file, enter:
# vi /etc/sudoers
Configure the alert email ID:
Defaults mailto="admin@staff.example.com"
Defaults mail_always
Where,
- mailto="admin@staff.example.com" : Your email id.
- mail_always : Send mail to the mailto user every time a user runs sudo. This flag is off by default.
Additional options:
| Option | Description |
|---|---|
| mail_badpass | Send mail to the mailto user if the user running sudo does not enter the correct password. This flag is off by default. |
| mail_no_host | If set, mail will be sent to the mailto user if the invoking user exists in the sudoers file, but is not allowed to run commands on the current host. This flag is off by default. |
| mail_no_perms | If set, mail will be sent to the mailto user if the invoking user is allowed to use sudo but the command they are trying is not listed in their sudoers file entry or is explicitly denied. This flag is off by default. |
| mail_no_user | If set, mail will be sent to the mailto user if the invoking user is not in the sudoers file. This flag is on by default. |
Sudo Logfile
By default, sudo logs via syslog. You can see the sudo log in /var/log/auth.log (Debian / Ubuntu) or /var/log/secure (Red Hat and friends). However, you can set the path to a separate sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. Type the following command to edit the file:
# sudoedit /etc/sudoers
Set the path to the log file (the !syslog flag below also turns off logging via syslog):
Defaults !lecture,tty_tickets,!fqdn,!syslog
Defaults logfile=/var/log/sudo.log
Save and close the file. To see logs type:
# tail -f /var/log/sudo.log
# egrep -i 'foo' /var/log/sudo.log
# egrep -i 'user1|user2|cmd2' /var/log/sudo.log
Sample Outputs:
Jul 1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Jul 1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ;
COMMAND=sudoedit /etc/sudoers
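As an added example (not part of the original article), the Python sketch below parses the logfile format shown in the sample output, joins records that sudo wrapped onto a continuation line, and lists the entries where a user started an interactive root shell. The third log line, the SHELLS set and the function names are constructed for illustration.

```python
import re

# Constructed sample in the sudo logfile format shown above; the second
# record is wrapped onto a continuation line, as in the sample output.
SAMPLE_LOG = """\
Jul 1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Jul 1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ;
    COMMAND=sudoedit /etc/sudoers
Jul 1 12:40:51 : user1 : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/etc/init.d/apache2 restart
"""

# A record starts with "Mon DD HH:MM:SS : invoking-user : "
RECORD_START = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) : (\S+) : (.*)$")
# Assumption: programs treated as interactive shells worth reviewing
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/su"}


def parse_sudo_log(text):
    """Return one dict per sudo record, joining wrapped continuation lines."""
    records, current = [], None
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            # "user" is the invoking user; "USER" (parsed below) is the target
            current = {"time": m.group(1), "user": m.group(2), "raw": m.group(3)}
            records.append(current)
        elif current is not None and line.strip():
            current["raw"] += " " + line.strip()  # continuation of previous record
    for rec in records:
        # COMMAND is the last field and may itself contain " ; ", so split it off first
        head, sep, command = rec.pop("raw").partition("COMMAND=")
        if sep:
            rec["COMMAND"] = command.strip()
        for field in head.split(" ; "):
            key, eq, value = field.strip(" ;").partition("=")
            if eq:
                rec[key] = value
    return records


def root_shells(records):
    """Records where a user obtained an interactive shell as root."""
    return [r for r in records
            if r.get("USER") == "root"
            and r.get("COMMAND", "").split(" ")[0] in SHELLS]


if __name__ == "__main__":
    for r in root_shells(parse_sudo_log(SAMPLE_LOG)):
        print(r["time"], r["user"], r["TTY"], r["COMMAND"])
```

A root shell such as /bin/bash is worth reviewing because commands typed inside it are not logged individually by sudo.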
- Last Updated: 07/1/09



7 comments:
Thanks,
Good tips for staging-prod servers.. to catch all the activities….
thanks great tip for us
Thanks! This is one more step in creating a secure server environment and it keeps me from having to check the log files often.
I had to write it like this:
Defaults mailto="sudoers@domain.com",mail_always
@Rolf, Can you tell us about your sudo version?
Great!! Good job!!
I want to configure the sudo password so that when I use the sudo command in a terminal, it asks for the password every time.
When I use PuTTY and a cert key, it does not ask for the password.