Recording user activity if they have "sudo bash" access

3

2

I would like to monitor all the commands when a user calls sudo bash, including the rest of the commands.

Rajeev

Posted 2012-01-26T08:56:11.117

Reputation: 31

Answers

3

Since version 1.7(ish?) sudo has an inbuilt logging feature.
In your sudoers file add: 

User_Alias SHELL_USERS = root,user2 
Defaults:SHELL_USERS log_output

Or for group based logging

Defaults:%shellusers log_output

Once a user uses sudo, everything they see will be captured and can be viewed in real time. Doesn't work so well when ncurses is involved.

http://www.gratisoft.us/sudo/sudoreplay.man.html

DarkHeart

Posted 2012-01-26T08:56:11.117

Reputation: 191

Asked: 2012-01-26T08:56:11.117

Viewed: 2 073 times

Active: 2012-01-26T09:09:16.583