Comments on: 10 Quick Tips About sudo command for Linux systems
https://www.linuxtechi.com/quick-tips-sudo-command-linux-systems/
Tue, 18 Feb 2020 03:30:24 +0000

By: Vince SH
https://www.linuxtechi.com/quick-tips-sudo-command-linux-systems/#comment-3577
Mon, 05 Mar 2018 16:25:39 +0000

I always include the following lines in my /etc/sudoers:

Defaults logfile = /var/log/sudo.log, log_host, log_year
Defaults log_input, log_output, iolog_dir = /var/log/sudo-io/%{user}

The first line just adds hostname and the year parameter in /var/log/sudo.log. For viewing the logs from multiple servers, these parameters allow easier queries by hostname and date.

The second line is where the magic happens. This line tells sudo to log all input and output of each session. Using the sudoreplay command, I can replay any sudo session as though I was watching it happen live. The sudoreplay is great when people come to you and say, “I don’t know what I did, but something is broken.” Using the sudoreplay command, you will know EXACTLY what that person did.
