How to Restrict and Log Sudo Access on Linux

How to restrict and log sudo access on Linux distributions such as CentOS, RHEL, Ubuntu, Fedora, Arch Linux, openSUSE, etc. In production environments there is a need to trace what each admin did while logged on to a shared account, e.g. the root account reached through sudo. The sudo command lets normal users run commands with root privileges temporarily.
Once a user has typed su - or sudo su -, the session must be logged so that what was done with the root account is known. This document describes, first, how to restrict such sudo access and, second (if full access is granted on special request), how to track the user's activity and keep the logs on the server.

Restricting the # prompt for a sudo user

Step-1

Log in to the server on which you have to grant access.

Step-2

Create a normal user if one does not already exist.

Step-3

Assign a password to the user.

Step-4

Edit the /etc/sudoers file, preferably by running visudo, which checks the syntax before saving.

Step-5

Add the following line to the file, where test is the username:

test  ALL=(ALL)  ALL, !/bin/su, !/bin/vi /etc/sudoers, !/usr/sbin/visudo

This grants test every command except switching to root with su and editing the sudoers file. Note that the sudoers manual warns that excluding commands from ALL with ! is not a reliable restriction, since the exclusion matches only the exact path listed; treat it as a guard against accidental use rather than as a security boundary.

Step-6

Add the following line at the end of the file:

Defaults logfile=/var/log/sudolog

Save the changes with :wq!


Unrestricted access (full access for a sudo user) and its secondary logging

Step-1

Add the following lines to /root/.bashrc:

# secondary logging begin
export HISTSIZE=600000                 # keep a large in-memory history
export HISTFILESIZE=600000             # and a large on-disk history
export HISTTIMEFORMAT="%F %T %z "      # makes bash write a "#<epoch>" line before each command
# "who am i" reports the login user of the terminal, i.e. the original sudo user rather than root
export HISTFILE=/var/log/sudousers_historylogs/root_history-$(who am i | awk '{print $1}')
export PROMPT_COMMAND='history -a'     # append each command to the file as soon as it is run
# secondary logging end

Step-2

Create the directory /var/log/sudousers_historylogs.

Step-3

Now, after using sudo su - or su - from, e.g., the sudo user test, a file named root_history-test is created in /var/log/sudousers_historylogs once the user logs out of the root account. The file is created after typing exit to log off from the sudo root account.

Step-4

Once this file is created, we have a trace of what went on while the user was switched to the sudo root user on the server.

[root@Inde-test]#cat root_history-test
#1435037330
top
#1435037335
vi /root/
#1435037411
ls
#1435037511
reboot
Step-5

Now, to decode the Unix timestamps (like 1435037511) logged in the file, run date -d @ followed by the timestamp you wish to decode. It displays the exact time at which the command was run on the server.

[root@inde-test sudousers_historylogs]# date -d @1435037511
Tue July 2 05:31:51 EST 2015

This tells us that the reboot command was executed by the sudo user test on Tue July 2 05:31:51 EST 2015.
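The decoding done by hand with date -d @ above can be automated. The script below is an added example and not code from the original article: it reads a root_history-<user> file, takes the sudo user from the file name, converts each #<epoch> stamp to UTC, and marks commands on an assumed watch-list (sudoers edits, su, reboot). It is written in Python rather than shell so the parsing is testable; the file path and watch-list are assumptions.

```python
"""Added example (not from the original article): decode a root_history-<user> file
written with HISTTIMEFORMAT into a timeline and flag entries worth review."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Assumed watch-list: actions a reviewer of a shared root session wants to see.
WATCHLIST = re.compile(r"/etc/sudoers|(^|\s)(visudo|reboot|shutdown|su)(\s|$)")
TS_LINE = re.compile(r"#\d+")  # bash writes a "#<epoch>" line before each command

@dataclass
class Entry:
    user: str
    ts: Optional[int]  # epoch seconds, None if the entry carried no timestamp
    command: str
    flagged: bool

    def when(self) -> str:
        if self.ts is None:
            return "unknown-time"
        return datetime.fromtimestamp(self.ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def parse_history(text: str, user: str) -> List[Entry]:
    """A '#<epoch>' line stamps the next command. Like bash itself, a line with no
    pending stamp is treated as a continuation of the previous multi-line entry."""
    entries: List[Entry] = []
    pending: Optional[int] = None
    for line in text.splitlines():
        if TS_LINE.fullmatch(line):
            pending = int(line[1:])
        elif pending is None and entries:
            entries[-1].command += "\n" + line
            entries[-1].flagged |= bool(WATCHLIST.search(line))
        else:
            entries.append(Entry(user, pending, line, bool(WATCHLIST.search(line))))
            pending = None
    return entries

def timeline(text: str, path: str) -> List[str]:
    """One line per entry: time, the original sudo user (from the file name), command."""
    user = path.rsplit("root_history-", 1)[-1]
    return [f"{e.when()}  {user}  {'[!] ' if e.flagged else ''}{e.command}"
            for e in parse_history(text, user)]

# Constructed sample input mirroring the article's root_history-test listing.
SAMPLE = "#1435037330\ntop\n#1435037335\nvi /root/\n#1435037411\nls\n#1435037511\nreboot\n"

if __name__ == "__main__":
    print("\n".join(timeline(SAMPLE, "/var/log/sudousers_historylogs/root_history-test")))
```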

Final Words

You have now restricted sudo on your Linux distribution. For more support and information, use the comment section below.
