Security Basics mailing list archives

Re: How to track down which commands sudoers set up?


From: James Harless <jharless () kidwellcompanies com>
Date: Tue, 13 Jun 2006 11:38:14 -0500

Hmm.. You present a couple of different ideas here.  I'm not sure which is
the core of your issue.  Your subject suggests that you're looking to track
down people using 'sudo'.  I don't know which version of Linux you're using
but, on my OpenBSD boxes, there is a file (/var/log/secure) which stores
each command that someone runs with the sudo command.

In the body of your message you suggest that they actually 'turned to
superuser' which is typically indicative of the 'su' command.  I can't offer
any insight into how your particular setup logs commands run as root but,
that is a cited reason for using sudo vs. su--logging.  Obviously, someone
can use sudo to dump the log...but, you'd see that, too (unless they're
pretty clever).

James


On 6/13/06 8:58 AM, "Jannis Kafkoulas" <kajannis () web de> wrote:

Hello,

I'd like to find out what exactly any user did after they turned to superuser
and when exactly each cmd was processed (in a Linux box).

Can someone help me manage this?

Many thanks

Jannis
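
An added example, not part of either message: a Python sketch that turns sudo's syslog lines, the per-command record James describes, into a who/when/what timeline. The sample lines are constructed, `parse_sudo_log` and the flag names are hypothetical, and the log's location varies by system; the `root_shell` flag marks where a user starts a shell or `su` through sudo, after which sudo by default records nothing further.

```python
import re

# Constructed sample lines in sudo's syslog format (host, users, commands are made up).
SAMPLE_LOG = """\
Jun 13 09:02:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Jun 13 09:05:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun 13 09:07:02 host1 sshd[411]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jun 13 09:09:15 host1 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jun 13 09:12:33 host1 sudo:    alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/rm /var/log/secure
"""

LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<fields>.*)$")

SHELLS = {"sh", "bash", "ksh", "csh", "zsh", "su"}  # programs that hand out a shell
LOG_PATH = "/var/log/secure"                        # the file named in the reply above

def parse_sudo_log(text):
    """Return one dict per sudo entry: when, user, runas, tty, command, allowed, flags."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sudo entry (e.g. the sshd line)
        # COMMAND= is always the last field and may itself contain " ; ".
        head, sep, command = m.group("fields").partition("COMMAND=")
        if not sep:
            continue
        parts = [p.strip() for p in head.split(" ; ") if p.strip()]
        kv = dict(p.split("=", 1) for p in parts if "=" in p)
        # A part without "=" is sudo's refusal reason, e.g. "command not allowed".
        allowed = all("=" in p for p in parts)
        prog = command.split()[0].rsplit("/", 1)[-1]
        flags = []
        if allowed and prog in SHELLS:
            flags.append("root_shell")   # per-command logging stops here
        if allowed and LOG_PATH in command:
            flags.append("touches_log")  # command names the sudo log itself
        events.append({"when": m.group("when"), "user": m.group("user"),
                       "runas": kv.get("USER"), "tty": kv.get("TTY"),
                       "command": command, "allowed": allowed, "flags": flags})
    return events

if __name__ == "__main__":
    for e in parse_sudo_log(SAMPLE_LOG):
        status = "ok" if e["allowed"] else "DENIED"
        print(e["when"], e["user"], status, e["command"], ",".join(e["flags"]))
```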


