Security Basics mailing list archives
Re: How to track down which commands sudoers set up?
From: "Peter Morgan" <peterjmorgan () gmail com>
Date: Tue, 13 Jun 2006 11:52:27 -0500
Are you referring to the commands issued by a user with SUDO privileges, or someone that issued the su command to change from the current user to a UID of 0 (root)?

In the first case (on my Ubuntu Dapper system), you can look in the auth.log; it will list what command the user issued through sudo. If you can't find the logfile, try this:

    bash-$ grep -ilr sudo /var/log

and that should find what file on your system houses the logs for sudo.

In the second case, I do not believe there exists a default facility in Linux to track what commands a user issued when having su'ed to root. The best you could do is copy the shell history file from /root and analyze what is left of that. If the user was doing something malicious (or something they didn't want logged) they likely would have erased those entries in the shell history file.

Hope this helps,
Peter

On 6/13/06, Jannis Kafkoulas <kajannis () web de> wrote:

Hello,

I'd like to find out what exactly any user did after they turned to superuser and when exactly each cmd was processed (in a Linux box). Can someone help me manage this?

Many thanks
Jannis
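Added example, not part of the original posts: a small Python parser for the sudo entries that auth.log records, which also flags the point where a user obtains a root shell through sudo, since commands typed inside that shell are no longer logged (the second case described in the reply). The sample log lines, the hostname `dapper`, the user names and the function names `parse_sudo_line` and `audit` are constructed for illustration.

```python
import re

# Constructed sample lines in the syslog format sudo uses in auth.log.
SAMPLE_LOG = """\
Jun 13 11:40:01 dapper sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun 13 11:41:17 dapper sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jun 13 11:42:30 dapper sshd[2211]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Jun 13 11:45:02 dapper sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/visudo
Jun 13 11:50:09 dapper sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
"""

SUDO_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$")

# Programs that hand over an interactive root shell; whatever is typed
# inside that shell never reaches auth.log.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}

def parse_sudo_line(line):
    """Return a dict for a sudo command entry, or None for any other line."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    head, sep, command = m.group("body").partition("COMMAND=")
    if not sep or not command.strip():
        return None
    fields, notes = {}, []
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            fields[key] = value
        else:
            notes.append(part)  # e.g. "3 incorrect password attempts"
    program = command.split()[0].rsplit("/", 1)[-1]
    return {
        "time": m.group("time"),
        "user": m.group("user"),
        "runas": fields.get("USER"),
        "command": command.strip(),
        "failure": "; ".join(notes) or None,
        "root_shell": program in SHELLS and fields.get("USER") == "root",
    }

def audit(log_text):
    """Parse every sudo entry in log_text, in order."""
    return [e for e in map(parse_sudo_line, log_text.splitlines()) if e]
```

Calling `audit()` on the contents of the file that the `grep -ilr sudo /var/log` command locates gives a per-command timeline; every entry with `root_shell` set marks a session whose later activity has to be reconstructed from other sources such as the shell history.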