Configuring Sudo with the log rotations for 90 days
To create the logs for 90 days
$touch /var/log/sudolog
vi /etc/sudoers and add following lines : -----
Defaults !syslog
Defaults logfile = /var/log/sudolog ----- Then save it.
Rotating this log file : vi /etc/logrotate.d/sudolog and put following : ------
/var/log/sudolog {
rotate 90
size 5M
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
To add user in the sudo
User_Alias SIERRA = sadba
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
SIERRA ALL=/bin/chmod , /bin/chown , /bin/su - * , /bin/su * , !/bin/su - , !/bin/su - root
arvind ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
Defaults:SIERRA !lecture
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Defaults:SIERRA !lecture,timestamp_timeout=30
$touch /var/log/sudolog
vi /etc/sudoers and add following lines : -----
Defaults !syslog
Defaults logfile = /var/log/sudolog ----- Then save it.
Rotating this log file : vi /etc/logrotate.d/sudolog and put following : ------
/var/log/sudolog {
rotate 90
size 5M
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
To add user in the sudo
User_Alias SIERRA = sadba
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
SIERRA ALL=/bin/chmod , /bin/chown , /bin/su - * , /bin/su * , !/bin/su - , !/bin/su - root
arvind ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
Defaults:SIERRA !lecture
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Defaults:SIERRA !lecture,timestamp_timeout=30
posted by Arnab Mukherjee @ 1:42 PM
0 Comments
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home