Where are unauthorized sudo attempts reported to?
When you attempt to use sudo, and are not allowed, a message says that the attempt will be reported.
Is this only reported in /var/log/auth.log
? Is there another place? The reason I ask, is because the log contains so much that it's not a very good way of viewing often.
It is reported in that file in ubuntu. It quite easy to change that. Just add this line in your
/etc/sudoers
file. Usesudo visudo
to edit the file.You can change the file name to whatever you think is appropriate.
It is also sent by e-mail to root. If you want to have it sent to your user account instead, you can set an alias in
/etc/aliases
. In addition, if your system is configured properly to send e-mail to the outside world, you can alias it to any e-mail address. (To read e-mail sent to your local account, you can use, e.g.,mutt
.)