Where are sudo incidents reported?
LinuxCommand LinePermissionsDebianSudoLinux Problem Overview
Attempting something devious on my machine leads to
ryan@debian:~$ sudo EAT_ALL_THE_COOKIES_BEFORE_DINNER
[sudo] password for ryan:
ryan is not in the sudoers file. This incident will be reported.
Where is this incident reported, and how do I get the log of all the nasty attempted commands?
Linux Solutions
Solution 1 - Linux
Nevermind, I just found the answer in the alt-text at xkcd:
![xkcd838][1]
[1]: https://imgs.xkcd.com/comics/incident.png "He sees you when you're sleeping, he knows when you're awake, he's copied on /var/spool/mail/root, so be good for goodness' sake."
Replace root
with your username, in my case ryan
, so the log is found with:
cat /var/spool/mail/ryan
Solution 2 - Linux
The report is sent as an email to the root
user. Many Linux distributions will automatically setup an alias for that user directing the mail to the first account created during the install process.