Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where are sudo incidents reported? [closed]

People also ask

Where is sudo incident reported?

There are two places to find the logs of failed sudo attempts: the journalctl service and the rsyslog standard logfiles.

Where can I find sudo logs?

The Authentication Log log.” You can find this log file's location by checking the sudoer's file. This, too, may be found in a different spot depending on the distribution. Usually, you'll find it at “/etc/sudoers.” Open it with your favorite text editor and search for the logfile entry.

Where is the sudo policy file stored?

It is the default sudo policy plugin. The policy is driven by the /etc/sudoers file or, optionally in LDAP.

Is not in the sudo file incident will be reported?

The error message looks like this: $ sudo -i [sudo] password for linuxconfig: linuxconfig is not in the sudoers file. This incident will be reported. In order to fix the error, all we need to do is add our user to the correct group.


Nevermind, I just found the answer in the alt-text at xkcd:

xkcd838

Replace root with your username, in my case ryan, so the log is found with:

cat /var/spool/mail/ryan

The report is sent as an email to the root user. Many Linux distributions will automatically setup an alias for that user directing the mail to the first account created during the install process.