SUDO LOG FILE
Todd C. Miller
Todd.Miller at courtesan.com
Wed Apr 10 20:27:05 EDT 2002
In message <13.9af7d91.29e61bda at aol.com>
so spake (Octavio.Alvarez):
> I just installed sudo on our system successfully. I noticed that any user
> that are on the sudoer file can actually remove the sudo.log file. My
> question is how do I prevent sudoers from deleting or removing the sudo.log
> file.
If your operating system has support for append-only files you can
use those for the log file (though that makes log rotation problematic).
You can also use syslog to log sudo activity to a different (more
restrictive) machine.
- todd
More information about the sudo-users
mailing list