Apple - Where will the incident with the sudo command be reported to?

The event will be logged in /var/log/secure.log and a mail will be sent to root (which by default goes to /dev/null which is Unix speak for it is discarded).


In older versions of OS X (through 10.6 or maybe 10.7), the disallowed sudo attempt would be logged in /var/log/secure.log; in more recent versions it's recorded in the ASL (Apple System Log) database, in /var/log/asl/*. You can read this with the Console.app utility (select ALL MESSAGES in the sidebar, then if you can't find them use the search field in the upper right to search for sudo). You can also use the command-line syslog command to query the database (syslog -k Facility authpriv -k Sender sudo should do it). Note that with either Console.app or syslog, the entries will only be visible if you are running as an admin or root.

Source

Tags:

Terminal

Sudo

Related

Apple - Sanding off a MacBook's sharp edges Apple - How can I list all user accounts in the terminal? Apple - How can I mount an ext4 file system on OS X? Apple - Is there an app that will let me edit track information (title/artist)? Apple - Cmd+Tab switches to the correct space, but doesn't bring app up to front Apple - "iTunes Sync: X items could not be synced. See iTunes for more information." Apple - Compass in maps and app always wrong Apple - Is it possible to disable Terminal's automatic tweaking of colors in Lion? Apple - Printing the current date/time with sub-second precision Apple - Guest login got enabled even though FileVault 2 is enabled and Guest login is disabled Apple - Can the macbook air trackpad play nice with the iOS simulator? Apple - How to resolve error: "Couldn't modify partition map because file system verification failed"?

Recent Posts