Where are unauthorized sudo attempts reported to?

sudo logs

Where are unauthorized sudo attempts reported to?

When you attempt to use sudo, and are not allowed, a message says that the attempt will be reported.

Is this only reported in /var/log/auth.log? Is there another place? The reason I ask, is because the log contains so much that it's not a very good way of viewing often.


It is reported in that file in ubuntu. It quite easy to change that. Just add this line in your /etc/sudoers file. Use sudo visudo to edit the file.

Defaults    logfile=/var/log/sudo.log

You can change the file name to whatever you think is appropriate.


It is also sent by e-mail to root. If you want to have it sent to your user account instead, you can set an alias in /etc/aliases. In addition, if your system is configured properly to send e-mail to the outside world, you can alias it to any e-mail address. (To read e-mail sent to your local account, you can use, e.g., mutt.)

Related

Which image viewer is able to show coordinates?
Failed to set interface wlan0 into AP mode: Intel centrino N1000 Wireless
Localhost printer stuck at "Rendering Completed"
What is the difference between libcurl3 and libcurl4
How to know whether am the administrator of my Ubuntu?
Difference in Use between pwd and $PWD
how to give user server name instead of ip when connecting through SSH?
Xrandr message: Rate 144.0 Hz not available for this size
Ubuntu freezes after I run video on the full screen on Chrome 40
How to set default scale for bc calculator?
How to add images on a gameMap in JavaScript?
Remove gcc from Ubuntu