sudo + syslog log auditing + statistics on logged-in users' operations
1. Check whether sudo and syslog are already installed

[root@shangke ~]# rpm -qa|egrep "sudo|syslog"
rsyslog-5.8.10-10.el6_6.x86_64
sudo-1.8.6p3-19.el6.x86_64

If they are not installed, install them with yum: yum install -y sudo syslog

2. Configure /etc/sudoers

Add the setting "Defaults logfile=/var/log/sudo.log" to /etc/sudoers:

[root@shangke ~]# echo "Defaults logfile=/var/log/sudo.log" >>/etc/sudoers
[root@shangke ~]# tail -1 /etc/sudoers   ## check that the operation succeeded
Defaults logfile=/var/log/sudo.log
[root@shangke ~]# visudo -c   ## check the sudoers file syntax
/etc/sudoers: parsed OK

3. Configure the system log

Add the local2.debug setting to /etc/syslog.conf (on CentOS 5.8).
Add the local2.debug setting to /etc/rsyslog.conf (on CentOS 6.4).

[root
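As an added example (not part of the original post), the shell function below produces per-user statistics from the file written by the "Defaults logfile=/var/log/sudo.log" setting in step 2: it rejoins word-wrapped records and counts each command per user, separating allowed runs from refusals. The function names and sample log lines are constructed, and the record layout (date : user : optional reason ; TTY=... ; COMMAND=...) is assumed to be sudo's default file-log format.

```shell
#!/bin/sh
# Added example: per-user summary of the sudo file log (/var/log/sudo.log).
# Assumed record layout:
#   date : user : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
# Long records are word-wrapped; continuation lines start with whitespace.

# sudo_stats [FILE...]: print "count status user command", busiest first.
# With no FILE argument it reads standard input.
sudo_stats() {
    awk '
    # Continuation line: strip the indent and glue it onto the pending record.
    /^[ \t]/ { sub(/^[ \t]+/, ""); rec = rec " " $0; next }
    # Any other line starts a new record, so flush the pending one first.
    { emit(); rec = $0 }
    END { emit(); for (k in n) print n[k], k }

    function emit(   f, i, status) {
        i = index(rec, "COMMAND=")
        # Skip blank lines and anything that is not a complete sudo record.
        if (i == 0 || split(rec, f, " : ") < 3) { rec = ""; return }
        # A reason before TTY= (e.g. "user NOT in sudoers") marks a refusal.
        status = (f[3] ~ /^TTY=/) ? "allowed" : "rejected"
        n[status " " f[2] " " substr(rec, i + 8)]++
        rec = ""
    }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input, not taken from a real host.
sample_log() {
    cat <<'EOF'
Mar  3 10:12:01 : alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ;
    COMMAND=/bin/cat /etc/shadow
Mar  3 10:13:09 : alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ;
    COMMAND=/bin/cat /etc/shadow
Mar  3 10:15:40 : bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ;
    USER=root ; COMMAND=/bin/su -
EOF
}

sample_log | sudo_stats
```

On a configured host, run it as sudo_stats /var/log/sudo.log; the "rejected" rows are the ones to review first.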