How to Configure Sudo email alert

Introduction

A sudo email alert notifies us when a user executes a command they are not supposed to run, or when a user who has no sudo privilege at all tries to escalate to administrative access by running sudo. All of this can be monitored instantly with the help of the sudo email alert configuration.

To make this work, we need to configure any one of the available email clients, or we can use a relay configuration to push the notifications through a relay server.

How to configure an email alert when a user runs sudo on Linux?

Starting with configuration

Edit the sudoers file using visudo:

# visudo

Enable the sudo user and add the following entries at the bottom of the file:

Defaults mailto = "alertforxxxxxx@linuxsysadmins.com"
Defaults mailfrom = "root@xxxxxxx.com"
Defaults mail_badpass
Defaults mail_always
Defaults mail_no_user
Defaults mailsub = "*** Command run via sudo on %h ***"
Defaults badpass_message = "Please Provide Correct Password"
Defaults !lecture,tty_tickets,!fqdn,!syslog
Defaults logfile=/var/log/sudo.log

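This sends an email whenever any user runs a sudo command. Because the Defaults line above also sets !syslog, these events are not sent to syslog and are recorded locally only in /var/log/sudo.log.

To set up the same alerts for a specific user only, for instance when user babin should be monitored for any sudo activity, use: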

Defaults:babin mail_always

Only one line needs to change.
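
The logfile=/var/log/sudo.log setting above keeps a local record of the same events that trigger the mails, which helps when an alert mail does not arrive. The following Python code is an added example, not part of the original article: it assumes sudo's default file-log layout (long entries wrapped onto indented continuation lines), uses constructed sample lines, and its function names are hypothetical.

```python
import re

# Constructed sample of /var/log/sudo.log (not from a real host). Assumed layout:
# "date : user : [message ;] KEY=value ; ...", long entries wrapped with an indent.
SAMPLE_LOG = """\
Mar  3 10:15:02 : babin : TTY=pts/0 ; PWD=/home/babin ; USER=root ;
    COMMAND=/usr/bin/less /var/log/messages
Mar  3 10:16:40 : guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ;
    USER=root ; COMMAND=/bin/bash
Mar  3 10:18:11 : babin : 3 incorrect password attempts ; TTY=pts/0 ;
    PWD=/home/babin ; USER=root ; COMMAND=/usr/bin/visudo
"""
HEADER = re.compile(r"^(?P<when>\w{3} [ \d]\d \d\d:\d\d:\d\d) : (?P<user>\S+) : (?P<rest>.*)$")

def join_wrapped(text):
    # Re-attach continuation lines (leading whitespace) to the entry they belong to.
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.rstrip())
    return entries

def parse_entry(entry):
    m = HEADER.match(entry)
    if not m:
        return None
    event = {"when": m["when"], "user": m["user"], "reason": None}
    # COMMAND is the last field and may itself contain " ; ", so split it off first.
    head, sep, command = m["rest"].partition("COMMAND=")
    event["COMMAND"] = command if sep else None
    for field in head.split(" ; "):
        field = field.strip(" ;")
        key, eq, value = field.partition("=")
        if eq and key.isupper():
            event[key] = value      # TTY, PWD, USER, ...
        elif field:
            event["reason"] = field  # free-text failure message
    return event

def classify(event):
    # Name the narrowest mail flag from the sudoers entries that covers this event.
    reason = event["reason"] or ""
    if "NOT in sudoers" in reason:
        return "mail_no_user"
    return "mail_badpass" if "incorrect password" in reason else "mail_always"

def triage(text):
    return [(e["user"], classify(e), e["COMMAND"]) for e in map(parse_entry, join_wrapped(text)) if e]
```

Calling triage() on the contents of /var/log/sudo.log lists each event with the mail flag that should have produced an alert, which can be compared against the mails actually received.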
