See a report of all unauthorized sudo attempts
logwatch --print --service sudo --range all
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Fri Feb 13 14:34:36 2009
Date Range Processed: all
Detail Level of Output: 5
Type of Output: unformatted
Logfiles for Host: ubuntu
##################################################################
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
root => root
------------
/bin/sh - 31 Times.
root => user
------------
/usr/bin/gconftool - 66 Times.
==============================================================================
user => root
------------
/bin/bash - 1 Times.
/bin/cat - 1 Times.
/bin/chmod - 2 Times.
/bin/sh - 1 Times.
/etc/init.d/apache2 - 4 Times.
/etc/init.d/networking - 1 Times.
/sbin/fdisk - 1 Times.
/sbin/init - 1 Times.
/usr/bin/apt-get - 16 Times.
/usr/bin/at - 11 Times.
/usr/bin/find - 12 Times.
/usr/bin/gedit - 10 Times.
/usr/bin/ldd - 2 Times.
/usr/bin/lsb_release - 1 Times.
/usr/bin/myisamchk - 4 Times.
/usr/bin/nautilus - 7 Times.
/usr/bin/passwd - 1 Times.
/usr/sbin/ethtool - 4 Times.
/usr/sbin/synaptic - 7 Times.
/usr/sbin/tcpdump - 3 Times.
To see only yesterday's entries:
logwatch --print | less
To see all the useful data logwatch can display:
logwatch --range all --archives --detail High --print | less
See:
https://help.ubuntu.com/community/Logwatch
http://www.logwatch.org
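
The sample report above groups commands by invoking user and target user. sudo logs a denied attempt with a reason in front of the TTY field ("user NOT in sudoers", "command not allowed", "N incorrect password attempts"). As an added example (not part of the original post), the shell function below tallies only those denied attempts; the function names, the constructed sample lines and the classic syslog line format (as in /var/log/auth.log) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): report *denied* sudo attempts.
# Assumes classic syslog-format sudo lines, e.g. /var/log/auth.log on Ubuntu.

# Constructed sample input so the example runs offline.
sample_log() {
cat <<'EOF'
Feb 13 14:20:01 ubuntu sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/apt-get update
Feb 13 14:21:10 ubuntu sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb 13 14:21:40 ubuntu sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/cat /etc/sudoers
Feb 13 14:22:00 ubuntu sudo:     user : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/bash
Feb 13 14:23:00 ubuntu sudo:     user : command not allowed ; TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/visudo
EOF
}

# Read sudo log lines on stdin.
# Print: count<TAB>user => runas<TAB>reason<TAB>command path
sudo_denied() {
    awk '
    match($0, / sudo(\[[0-9]+\])?: +/) {
        rec = substr($0, RSTART + RLENGTH)        # text after the "sudo:" tag
        ci = index(rec, "COMMAND=")
        if (ci == 0) next                         # not a command record
        cmd = substr(rec, ci + 8)
        sub(/ .*/, "", cmd)                       # keep the path, drop arguments
        n = split(substr(rec, 1, ci - 1), f, " ; ")
        p = index(f[1], " : ")
        if (p == 0) next
        user = substr(f[1], 1, p - 1)
        reason = substr(f[1], p + 3)
        if (reason ~ /^[A-Z_]+=/) next            # TTY=... first: command was run
        sub(/^[0-9]+ /, "", reason)               # "3 incorrect ..." -> "incorrect ..."
        runas = "?"
        for (i = 2; i <= n; i++)
            if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
        count[user " => " runas "\t" reason "\t" cmd]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host: sudo_denied < /var/log/auth.log
sample_log | sudo_denied
```
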