sudo: 3 incorrect password attempts - can root see the password in clear text?
If some user can't access some command with sudo 3 times, this should be reported to the root user in the access logs/errors.
Can root see these attempts (like the passwords tried) as text in the logs?
Solution 1:
No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.
Solution 2:
Login attempts, successful and unsuccessful, are logged in /var/log/auth.log
Example of a successful attempt:
Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
And unsuccessful:
Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
It logs the failed attempt and also logs the total of 3 wrongly typed passwords.
Passwords for sudo attempts are never shown or stored.
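An added example, not part of the original answers: a small Python parser that pulls sudo's "incorrect password attempts" summary lines out of auth.log-style text and totals them per user. It shows which fields an administrator can recover from the log (user, attempt count, TTY, working directory, target user, command). The function names are illustrative, and the sample input is the four log lines quoted in Solution 2.

```python
import re
from collections import Counter

# Sample input: the four auth.log lines quoted in Solution 2 above.
SAMPLE = """\
Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
"""

# sudo's summary line: "<user> : N incorrect password attempt(s) ; KEY=VALUE ; ..."
SUDO_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<count>\d+) incorrect password attempts? ; (?P<fields>.*)$"
)

def parse_sudo_failures(text):
    """Return one dict per sudo failed-authentication summary line."""
    events = []
    for line in text.splitlines():
        m = SUDO_FAIL.match(line)
        if not m:
            continue
        # COMMAND is the last field and may contain " ; ", so cut it off first.
        head, _, command = m["fields"].partition("COMMAND=")
        kv = dict(p.split("=", 1) for p in head.split(" ; ") if "=" in p)
        events.append({
            "time": m["ts"], "host": m["host"], "user": m["user"],
            "count": int(m["count"]), "tty": kv.get("TTY"),
            "pwd": kv.get("PWD"), "runas": kv.get("USER"), "command": command,
        })
    return events

def failed_attempts_by_user(text):
    """Total the wrongly typed passwords reported per invoking user."""
    totals = Counter()
    for event in parse_sudo_failures(text):
        totals[event["user"]] += event["count"]
    return totals

if __name__ == "__main__":
    for event in parse_sudo_failures(SAMPLE):
        print(event)
```
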