The sudo command grants a user superuser, or root, privileges. I'm sure you gave them the "with great power comes great responsibility" speech. Here's how to check whether they listened.
The sudo command
The sudo command is short for "substitute user". It allows an authorized person to execute commands as though they were another user. It accepts command line parameters, one of which is the name of the user the command should run as. The most common way to use sudo, though, is to omit the command line options and use the default action, which effectively runs the command as the root user.
Using sudo
Using sudo requires special permissions. Only privileged users can use sudo.
When you install a modern Linux distribution, you're asked to set a root password, and sudo privileges are granted to the regular user created during installation. This is the recommended way to manage access to root-level functions. The old method was to create a root user and log in as root to administer the system.
That was a dangerous scenario. It was easy to forget to log out and log back in as a regular user once root privileges were no longer needed, or to be too lazy to bother. Any mistake you make as root in a terminal window, however serious, is simply executed. Anything the shell would block if a regular user tried it runs fine as root. Working from the root account instead of a regular account is also a security risk.
Using sudo focuses the mind. You're in the same dangerous waters, but you've consciously chosen to enter them, and hopefully you'll proceed very carefully, and only when necessary.
When you open up root access to other users, you want to know that they're just as careful as you are. You don't want them running commands rashly or on guesswork. The health of a Linux installation depends on privileged users acting respectfully and responsibly.
There are several ways to monitor root usage.
The auth.log file
Some distributions keep authentication logs in a file called "auth.log". With the emergence and rapid spread of systemd, the need for the "auth.log" file has gone away. The systemd-journal daemon consolidates the system logs into a new binary format, and journalctl provides a way to query and inspect those records.
If you have an "auth.log" file on your Linux computer, it is most likely in the "/var/log/" directory, but on some distributions the file name and path are "/var/log/audit/audit.log".
You can open the file with less like this. Adjust the path and file name to match your distribution, and be prepared for the possibility that your Linux doesn't create an authentication log file at all.
This worked for me on Ubuntu 22.04.
less /var/log/auth.log
The log file opens, and you can either browse through it or use less's built-in search to look for "sudo".
Even with less's search function, it can take some time to find the interesting sudo entries.
Let's say you want to know what the user called mary has been using sudo for. Use grep to search the log file for lines containing "sudo", then pipe the output of grep into grep again to keep only the lines containing "mary".
Make sure sudo comes before grep and before the log file name.
sudo grep sudo /var/log/auth.log | grep "mary"
This gives you the lines that contain both "sudo" and "mary".
According to sudo, user mary opened a session at 15:25 and, at 15:27, opened the fstab file in an editor. This is the kind of activity that should prompt you to start a conversation with the user and then dig deeper.
Using journalctl
The recommended method on systemd-based Linux distributions is the journalctl command for querying the journal.
If you pass the name of a program to journalctl, it searches the journal for entries that reference that program. The sudo binary lives at "/usr/bin/sudo", so you can pass that to journalctl. The -e (pager end) option tells journalctl to open the output in the default pager, usually less, and to scroll automatically to the end so that the most recent entries are shown.
sudo journalctl -e /usr/bin/sudo
The entries specific to sudo are listed.
Use the right arrow key to scroll right and see the commands used in each sudo invocation (or maximise the terminal window).
Because the output is displayed in less, you can search for text such as command names, usernames and timestamps.
Using the GNOME Logs tool
Graphical desktop environments usually include a way to view logs. We'll look at the GNOME Logs utility. To open it, press the "Super" key, which sits to the left of the spacebar.
Type "logs" in the search field. The Logs icon appears.
Click the icon to launch the Logs application.
Click a category in the sidebar to filter the log messages by type. For a more precise selection, click the "All" category in the sidebar, then click the magnifying glass icon in the toolbar and enter your search text. We'll search for "sudo".
The event list is filtered to show only the events related to the sudo command. A small gray block at the end of each line shows the number of entries in that event session. Click a row to expand it.
I clicked the top row to see the details of the 24 entries in that session.
With a little scrolling, user mary's unexplained editing session on the fstab file is found straight away. You could also search for "mary", but that would include entries unrelated to her use of sudo.
Not everyone needs root access
If there's a genuine requirement, it makes sense to grant sudo privileges to other users. Likewise, it makes sense to check whether those powers are being used or abused, especially soon after they've been granted.