There are two places to find the logs of failed sudo attempts: the journalctl service and the rsyslog standard logfiles.
The Authentication Log log.” You can find this log file's location by checking the sudoer's file. This, too, may be found in a different spot depending on the distribution. Usually, you'll find it at “/etc/sudoers.” Open it with your favorite text editor and search for the logfile entry.
It is the default sudo policy plugin. The policy is driven by the /etc/sudoers file or, optionally in LDAP.
The error message looks like this: $ sudo -i [sudo] password for linuxconfig: linuxconfig is not in the sudoers file. This incident will be reported. In order to fix the error, all we need to do is add our user to the correct group.
Nevermind, I just found the answer in the alt-text at xkcd:
Replace root
with your username, in my case ryan
, so the log is found with:
cat /var/spool/mail/ryan
The report is sent as an email to the root
user. Many Linux distributions will automatically setup an alias for that user directing the mail to the first account created during the install process.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With