Where are unauthorized sudo attempts reported to?

It is reported in that file in ubuntu. It quite easy to change that. Just add this line in your /etc/sudoers file. Use sudo visudo to edit the file.

Defaults    logfile=/var/log/sudo.log 

You can change the file name to whatever you think is appropriate.


It is also sent by e-mail to root. If you want to have it sent to your user account instead, you can set an alias in /etc/aliases. In addition, if your system is configured properly to send e-mail to the outside world, you can alias it to any e-mail address. (To read e-mail sent to your local account, you can use, e.g., mutt.)

Tags:

Sudo

Logs