Where are sudo incidents reported? [closed]
Attempting something devious on my machine leads to
ryan@debian:~$ sudo EAT_ALL_THE_COOKIES_BEFORE_DINNER
[sudo] password for ryan:
ryan is not in the sudoers file. This incident will be reported.
Where is this incident reported, and how do I get the log of all the nasty attempted commands?
Solution 1:
Nevermind, I just found the answer in the alt-text at xkcd:
Replace root
with your username, in my case ryan
, so the log is found with:
cat /var/spool/mail/ryan
Solution 2:
The report is sent as an email to the root
user. Many Linux distributions will automatically setup an alias for that user directing the mail to the first account created during the install process.