SUDO Installation and capture command used by login user
root@SAPTEST3 # pkgadd -d libgcc-3.4.6-sol10-sparc-local
@SAPTEST3 # pkgadd -d libiconv-1.14-sol10-sparc-local
@SAPTEST3 # pkgadd -d libintl-3.4.0-sol10-sparc-local
oot@SAPTEST3 # pkgadd -d zlib-1.2.5-sol10-sparc-local
root@SAPTEST3 # pkgadd -d sudo-1.8.1p2-sol10-sparc-local
export PATH=/usr/local/bin
export PATH=/usr/local/sbin/
Now we can edit the SUDO file with command VISUDO.
root@SAPTEST3 # visudo
There is entry for root like this.
root ALL=(ALL) ALL
To give users full accesses make the entry in sudo like below
Exp:
test ALL=(ALL) ALL
Now test have the full access like ROOT.
Exp:
test@SAPTEST3 # sudo mkdir testdir
Capture the used command by “test” user
Add the below entry in /etc/syslog.conf file
Local2.debug /var/log/sudolog
And make the entry in sudo file below entry.
root@SAPTEST3 # visudo
Defaults logfile=/var/log/sudolog.log
Make the sudolog file:
touch /var/log/sudolog
Restart the syslogd process.
ps -ef | grep -i syslogd
root 5184 1 0 01:51:49? 0:00 /usr/sbin/syslogd
root 8063 7831 0 00:16:45 pts/1 0:00 grep -i syslogd
Kill –HUP 5184.
From another session login with “test” user run any command
Enter any Command
Exp: sudo ls
And see the entry in below file.
root@SAPTEST3 # cat /var/log/sudolog
Feb 16 00:20:36 : test : TTY=pts/2 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/ls
Feb 16 00:21:33 : test : TTY=pts/2 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/ls
Feb 16 00:21:34 : test : TTY=pts/2 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/ls
No comments:
Post a Comment