How to log all sudo commands

Sometimes it’s necessary to log all the sudo commands run in your environment.

Let’s see how to achieve this.

Step 1: Edit the sudoers file by running visudo

# visudo

Step 2: Add the below line to the Defaults section

Defaults logfile=/var/log/sudo

Now all commands run through sudo will be logged in the /var/log/sudo file.

[root@nodhop ~]# cat /var/log/sudo
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
COMMAND=/bin/su -
Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
COMMAND=/bin/ls /var/www/html
Jan 11 09:42:08 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
COMMAND=/bin/cat /etc/passwd
Jan 11 09:42:47 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
COMMAND=/bin/su -
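
The following is an added example, not part of the original page: a Python parser for the logfile format shown above that rejoins wrapped entries and lists the ones that started a shell (such as su -), because commands typed inside that shell are not recorded in /var/log/sudo. The sample lines, the user2 entry, the timestamp pattern and the SHELLS list are constructed assumptions.

```python
import re

# Constructed sample in the logfile format shown above. sudo wraps long entries
# onto continuation lines; one entry here is left unwrapped to cover both cases.
SAMPLE = """\
Jan 11 09:40:49 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
COMMAND=/bin/su -
Jan 11 09:41:56 : user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ;
    COMMAND=/bin/ls /var/www/html
Jan 11 09:42:08 : user2 : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
"""

# Assumption: default timestamp (month, day, time) with no year field.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d : ")
# Assumption: site-specific list of programs that hand out an interactive shell.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

def parse_sudo_log(text):
    """Rejoin wrapped lines, then split each entry into a dict of its fields."""
    joined = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()   # continuation of previous entry
    entries = []
    for entry in joined:
        when, user, rest = entry.split(" : ", 2)
        # COMMAND= comes last and may contain ';', so cut it off before splitting.
        head, _, command = rest.partition("COMMAND=")
        fields = dict(kv.strip().split("=", 1) for kv in head.split(";") if "=" in kv)
        entries.append({"time": when, "user": user, "command": command.strip(), **fields})
    return entries

def shell_sessions(entries):
    """Entries whose command is a shell; what runs inside it is not logged here."""
    hits = []
    for e in entries:
        argv = e["command"].split()
        if argv and argv[0].rsplit("/", 1)[-1] in SHELLS:
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in shell_sessions(parse_sudo_log(SAMPLE)):
        print(f'{e["time"]} {e["user"]} started a root shell: {e["command"]}')
```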