Set up email notification for any users whenever they try to access Sudo privileges. By adding few configuration changes in Sudo entry we can get notified through email.

Edit the sudoer file using visudo

# visudo

Enabled the sudo user and enter the following entry in bottom of the file

Defaults mailto = “alertforxxxxxx@gmail.com”
Defaults mailfrom = “root@xxxxxxx.com”
Defaults mail_badpass
Defaults mail_always
Defaults mail_no_user
Defaults mailsub = “*** Command run via sudo on %h ***”
Defaults badpass_message = “Please Provide Correct Password”
Defaults !lecture,tty_tickets,!fqdn,!syslog
Defaults logfile=/var/log/sudo.log

This will send email’s while some user’s use sudo command.

LEAVE A REPLY

Please enter your comment!
Please enter your name here