sudo日志记录

dpkg -l | egrep -i "sudo|syslog"
apt install sudo rsyslog -y


# 配置/etc/sudoers
vim /etc/sudoers
Defaults     logfile=/var/log/sudo.log
Defaults     !syslog


# 检查sudoers文件语法
sudo visudo -c


# 增加配置local2.debug到/etc/rsyslog.conf中（仅在sudoers未设置 !syslog 时才有意义：上面已用 logfile= 让sudo直接写文件并关闭了syslog，此时该规则不会收到sudo日志，而且两者同时写同一个文件会互相交错）
vim /etc/rsyslog.conf
local2.debug    /var/log/sudo.log

/etc/init.d/rsyslog  restart

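#!/bin/sh
# Rotate /var/log/sudo.log once it grows past a size limit.
#
# This script is meant to run with root privileges already (root's crontab,
# or the sudoers NOPASSWD entry for the script itself), so it never calls
# sudo on its own.  The original version piped a hard-coded password into
# `sudo -S`; that secret lived in cleartext in the script and in every copy
# of it, and is not needed when the script is started as root.
#
# Optional environment overrides:
#   LOGDIR  - directory holding the log           (default /var/log)
#   LOGFILE - log file name inside LOGDIR         (default sudo.log)
#   MAXSIZE - rotate when the file exceeds this many bytes (default 10240)
#
# Exit status: 0 when nothing needed rotating or the rotation succeeded,
# non-zero when any step fails (set -e stops before later steps run).

set -eu

logdir=${LOGDIR:-/var/log}
logfile=${LOGFILE:-sudo.log}
maxsize=${MAXSIZE:-$((1024*10))}

cd -- "$logdir" || exit 1

# Check existence before measuring: the original read the size first, so a
# missing file produced an empty $filesize and a broken `-gt` comparison.
if [ ! -f "$logfile" ]; then
    printf '%s: no such file, nothing to rotate\n' "$logfile" >&2
    exit 0
fi

# `wc -c` on stdin prints only the byte count; no need to parse `ls -l`.
filesize=$(wc -c < "$logfile")

if [ "$filesize" -gt "$maxsize" ]; then
    printf '%s > %s\n' "$filesize" "$maxsize"
    newfile="${logfile}_$(date +%Y%m%d%H%M%S)"
    mv -- "$logfile" "$newfile"
    # Recreate the log immediately with owner-only permissions so there is
    # no window in which it is created with a permissive default umask.
    ( umask 077; : > "$logfile" )
    # Archive first, and only delete the plain copy if tar succeeded
    # (set -e aborts on failure); the original discarded tar's errors
    # and then ran `rm -rf` unconditionally, which could lose the log.
    tar zcf "$newfile.tar.gz" "$newfile"
    rm -f -- "$newfile"
else
    printf '%s < %s\n' "$filesize" "$maxsize"
fi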



 也可以在 sudoers 中授权运行该清理脚本（免密）: 
     [root@store root]# vi /etc/sudoers 
     添加一行: 
     nobody ALL = NOPASSWD: /usr/sbin/delsudolog.sh 
     （注意：该脚本文件必须属于 root 且其他用户不可写，否则能修改脚本的人即可借此免密获得 root 权限。）
