The sudo command grants a user superuser, or root, privileges. I’m sure you gave them the “with great power comes great responsibility” speech. Here’s how to check whether they listened.
The sudo command
The sudo command is an abbreviation of “substitute user do”. It allows an authorized person to run commands as if they were another user. It accepts command line parameters, one of which is the name of the user to run the command as. The most common way to use sudo is to omit the command line options and use the default action. This effectively runs the command as the root user.
Using sudo in this way requires special permission. Only privileged users can use sudo. When you install a modern Linux distribution, you are asked to set a root password that you can use with sudo. Permission to do this is granted to the normal user created during installation. This is the recommended way to handle access to the root user's capabilities. The old way was to create a root user and log in as that user to administer the system.
This was a dangerous scenario. It was easy to forget, or to be too lazy, to log out and log back in as a normal user when root privileges were no longer needed. Any mistake you make as root in a terminal window will be executed, no matter how serious. Anything the shell would block if a normal user tried to run it works without question when run as root. Using the root account instead of a normal account is also a security risk.
Using sudo focuses the mind. You’re entering the same dangerous waters, but you consciously choose to do so and, hopefully, do it very carefully, and only when you have to.
When you open root access to other users, you want to know that they are just as careful as you are. You don’t want them running commands rashly or on guesswork. The health of a Linux installation depends on privileged users who act in a respectful and responsible manner.
There are several ways to monitor root usage.
The auth.log file
Some distros keep authentication logs in a file called “auth.log”. With the emergence and rapid spread of systemd, the need for the “auth.log” file has been removed. The systemd-journald daemon combines the system logs into a then-new binary format, and journalctl provides a way to check and inspect the records.
If you have an “auth.log” file on your Linux computer, it is likely located in the “/var/log/” directory, but on some distributions the file name and path is “/var/log/audit/audit.log”.
You can open the file with less like this. Set the path and file name to match your distribution, and be prepared in case your Linux doesn’t create an authentication file at all.
This worked for me on Ubuntu 22.04.
less /var/log/auth.log
The log file will open and you can either scroll through the file or use less’s built-in search function to search for ‘sudo’.
Even if you use the search function in less, it may take a while to find the sudo entries you are interested in.
Let’s say you want to know what a user called mary has used sudo for. You can search the log file with grep for lines containing “sudo”, then pipe the output through grep again to find the lines that contain “mary”.
Be careful to include sudo before grep as well as before the log file name. The first runs grep with root privileges; the second is the search pattern.
sudo grep sudo /var/log/auth.log | grep "mary"
This will give you lines containing ‘sudo’ and ‘mary’.
According to the log, the user mary was given sudo privileges at 15:25, and at 15:27 she opened the fstab file in an editor. This is the type of activity that calls for a chat with the user first, followed by a deeper dig.
Using journalctl
The recommended method on systemd-based Linux distributions is to use the journalctl command to check the system logs.
If you pass a program name to journalctl, it searches the log files for entries containing references to that program. Because the sudo binary is at “/usr/bin/sudo”, you can pass this to journalctl. The -e (pager end) option tells journalctl to open the default file pager. Usually this is less. The screen will automatically scroll to the bottom, showing the most recent entries.
sudo journalctl -e /usr/bin/sudo
The log entries that feature sudo are listed in less.
Use the RightArrow key to scroll to the right and see the command used on each call to sudo. (Or widen the terminal window.)
Because the output is displayed in less, you can search for text such as command names, usernames, and timestamps.
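One way to turn the auth.log and journalctl searches above into a per-user summary, as an added example that is not part of the original article. The sudo_report function, the watchlist of files and the sample log lines are assumptions constructed for illustration, and the parser assumes sudo's usual "user : TTY=... ; PWD=... ; USER=... ; COMMAND=..." record layout.

```shell
#!/bin/sh
# Added example: summarise sudo activity from auth.log or journalctl text.
# Usage: sudo_report [user] < /var/log/auth.log
#        journalctl /usr/bin/sudo | sudo_report mary
# Output columns (tab separated):
#   time, invoking user, run-as user, ok|denied, review|-, command
sudo_report() {
  awk -v want="${1:-}" '
    BEGIN {
      # Assumed watchlist: files whose use under sudo deserves a second look.
      watch = "/etc/(fstab|sudoers|shadow|passwd)"
    }
    # sudo command records carry COMMAND=; pam_unix session lines do not.
    # The tag is "sudo:" in auth.log and "sudo[PID]:" in journalctl output.
    /COMMAND=/ && match($0, / sudo(\[[0-9]+\])?: +/) {
      when = substr($0, 1, RSTART - 1)
      sub(/ [^ ]+$/, "", when)               # drop the hostname
      msg = substr($0, RSTART + RLENGTH)
      u = index(msg, " : ")
      c = index(msg, "COMMAND=")
      if (u == 0 || c < u) next
      user = substr(msg, 1, u - 1)
      if (want != "" && user != want) next   # exact match on the invoking user
      detail = substr(msg, u + 3, c - u - 3)
      cmd = substr(msg, c + 8)               # kept whole, even if it contains " ; "
      # A permitted run starts with TTY=; a refusal puts the reason first.
      status = (detail ~ /^TTY=/) ? "ok" : "denied"
      runas = "?"
      r = index(detail, "USER=")
      if (r) { runas = substr(detail, r + 5); sub(/ ;.*$/, "", runas) }
      flag = (cmd ~ watch) ? "review" : "-"
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", when, user, runas, status, flag, cmd
    }'
}

# Constructed sample input (not taken from a real system).
SAMPLE_LOG='Jul 12 15:25:41 lab sudo:     dave : TTY=pts/0 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo mary
Jul 12 15:25:41 lab sudo: pam_unix(sudo:session): session opened for user root(uid=0) by dave(uid=1000)
Jul 12 15:27:03 lab sudo:     mary : TTY=pts/1 ; PWD=/home/mary ; USER=root ; COMMAND=/usr/bin/nano /etc/fstab
Jul 12 15:31:10 lab sudo:     mary : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/mary ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Jul 12 15:40:22 lab sudo[4321]:      tom : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/tom ; USER=root ; COMMAND=/usr/bin/apt update'

printf '%s\n' "$SAMPLE_LOG" | sudo_report mary
```

Unlike grep "mary", the filter matches only the invoking-user field, so in the sample the 15:25 record where dave names mary as a command argument is not attributed to her.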
Using the GNOME Logs utility
Graphical desktop environments usually include a way to display logs. We’ll take a look at the GNOME Logs utility. To access the Logs utility, press the “Super” key to the left of the “Spacebar.”
Enter “logs” in the search field. The Logs icon appears.
Click the icon to launch the Logs app.
Click a category in the sidebar to filter log messages by message type. For a finer selection, click the “All” category in the sidebar, then click the magnifying glass icon in the toolbar. Enter your search text. Search for “sudo”.
The event list is filtered to display only events related to the sudo command. A small gray block at the end of each line contains the number of entries for this event session. Click a row to expand it.
I clicked on the top row to see the details of the 24 entries for that session.
After scrolling a little, you can see the same events that journalctl showed. User mary’s unexplained editing session on the fstab file is found quickly. You can also search for “mary”, but this will include entries other than her use of sudo.
Not everyone needs root access
If there is a genuine, sensible requirement, it makes sense to grant sudo privileges to other users. Likewise, it makes sense to check whether these powers are being used or abused, especially right after they have been granted.