Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

Track sudo userids

I am trying to see if there is a way to tell what user used sudo to do work on the server. I need to know if there is a log file that has the userid of the person who invoked sudo to make changes in the system.

Thanks
0
hsdoctor
Asked:
hsdoctor
3 Solutions
 
joolsCommented:
this is usually logged in /var/log/messages or perhaps /var/log/secure, depends on your distro.
0
 
simon3270Commented:
or /var/log/auth.log (Ubuntu, Arch etc))
0
 
Jan SpringerCommented:
You can also define the name of the file to which you wish to log transactions in /etc/sudoers.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now