Log sudoer & email reporting

This is not a good idea. There are several weaknesses in this plan.

  1. If you don't trust him, don't give him access. E-mailing you his evilness at the end of the day won't help anything if he has already done it by evening. And if he really wanted to compromise the system, he'd surely find a way to manipulate those pesky emails. It's a pretty easy calculation: if a user you don't trust has administrative privileges on the system, you can't trust the system's observations.

  2. If he really needs access, can we work around superuser privileges? And if he really needs sudo, can it be restricted to just some commands?
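Added example of what "restricted to just some commands" looks like in practice. This is not from the answer above; the user name `alice`, the nginx commands and the log directory are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/ops-restricted   (added example; "alice" and the commands are assumed)
# Create/edit with:  visudo -f /etc/sudoers.d/ops-restricted   (syntax-checked before saving)
# Verify with:       visudo -cf /etc/sudoers.d/ops-restricted   and   sudo -l -U alice

# Only these exact binaries, with these argument patterns, are permitted.
# A trailing "*" matches any further arguments, so keep wildcards to the end.
Cmnd_Alias WEB_SVC  = /usr/bin/systemctl restart nginx, \
                      /usr/bin/systemctl status nginx
Cmnd_Alias WEB_LOGS = /usr/bin/journalctl -u nginx *

# sudoedit lets alice edit the file as root without running an editor as root
# (an editor started directly via sudo can spawn a root shell with :!sh and friends).
alice ALL=(root) WEB_SVC, WEB_LOGS, sudoedit /etc/nginx/nginx.conf

# Record terminal input and output of every sudo session for this user.
# Review later with:  sudoreplay -l user=alice   then   sudoreplay <session-id>
Defaults:alice log_input, log_output, iolog_dir=/var/log/sudo-io

# Do NOT rely on negation.  The line below still grants ALL, and the "!" entry is
# bypassed by copying the binary, by "sudo sh", or by any permitted command that
# can launch a shell (editors, pagers, find -exec, ...).
# alice ALL=(root) ALL, !/bin/bash
```

Run `sudo -l -U alice` after installing the file to confirm the effective rule set is only what you intended, and keep the drop-in in `/etc/sudoers.d/` rather than editing `/etc/sudoers` so a syntax error cannot lock everyone out.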


The simple way to do this is to set up logwatch on your machine. By default logwatch generates an email every night that includes various system details and important log messages. By default it includes all logged sudo commands too.

Then just set the logwatch email address in /etc/logwatch.conf to your address, and you will receive those mails every night.

I strongly advise you to talk to the user in question and share your concerns with him honestly. Much better for him to know that he can ask you if he is confused about anything than for you to find mistakes in the logs. Trust, but verify.
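Added example of the logwatch configuration described in the answer above; it is not the answer's own text, and the mail addresses are placeholders. On Debian/Ubuntu and Fedora the local override file is `/etc/logwatch/conf/logwatch.conf`; the packaged defaults live in `/usr/share/logwatch/default.conf/logwatch.conf` and should be left untouched.

```ini
# /etc/logwatch/conf/logwatch.conf   (added example; addresses are placeholders)
# Any key set here overrides the same key in /usr/share/logwatch/default.conf/logwatch.conf.

MailTo   = admin@example.com
MailFrom = logwatch@host.example.com
Output   = mail
Format   = text

# The nightly cron job (/etc/cron.daily/00logwatch) reports on the previous day.
Range  = yesterday

# High detail so the sudo section lists every invocation (user, target user,
# directory and full command line) rather than a trimmed summary.
Detail = High

# "All" keeps every service, including the sudo report that is on by default.
# Set "Service = sudo" instead if you want only the sudo section mailed.
Service = All
```

To check the output before waiting for the nightly mail, run `logwatch --service sudo --range today --detail High --print` as root; it prints the same report to the terminal instead of mailing it. Remember that this is a daily digest: it tells you the next morning what happened, it does not stop anything.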