在阅读有关 Linux 的文章时,尤其是有关sudo,我得到了:
/var/log/secure当尝试执行sudo bash但未成功验证用户身份时,系统日志文件(通常)中会出现如下消息:authentication failure; logname=op uid=0 euid=0 tty=/dev/pts/6 ruser=op rhost= user=op conversation failed auth could not identify password for [op] op : 1 incorrect password attempt ; TTY=pts/6 ; PWD=/var/log ; USER=root ; COMMAND=/bin/bash
然后我在 shell 提示符下尝试了一下:
anupam@JAZZ:~$ sudo bash
[sudo] password for anupam:
root@JAZZ:~#
然后当我寻找时/var/log/secure,它不在那里
anupam@JAZZ:~$ more /var/log/secure
/var/log/secure: No such file or directory
anupam@JAZZ:~$ ls /var/log
alternatives.log auth.log dmesg gpu-manager.log mysql.log pm-suspend.log.2.gz upstart
alternatives.log.1 auth.log.1 dmesg.0 hp mysql.log.1.gz samba wtmp
alternatives.log.2.gz auth.log.2.gz dmesg.1.gz installer mysql.log.2.gz speech-dispatcher wtmp.1
apache2 auth.log.3.gz dmesg.2.gz jetty mysql.log.3.gz syslog Xorg.0.log
apport.log auth.log.4.gz dmesg.3.gz kern.log mysql.log.4.gz syslog.1 Xorg.0.log.old
apport.log.1 boot.log dmesg.4.gz kern.log.1 mysql.log.5.gz syslog.2.gz Xorg.1.log
apport.log.2.gz bootstrap.log dpkg.log kern.log.2.gz mysql.log.6.gz syslog.3.gz Xorg.1.log.old
apport.log.3.gz btmp dpkg.log.1 kern.log.3.gz mysql.log.7.gz syslog.4.gz
apport.log.4.gz btmp.1 dpkg.log.2.gz kern.log.4.gz pm-powersave.log syslog.5.gz
apport.log.5.gz ConsoleKit faillog lastlog pm-powersave.log.1 syslog.6.gz
apport.log.6.gz cups fontconfig.log lightdm pm-powersave.log.2.gz syslog.7.gz
apport.log.7.gz dbconfig-common fsck mysql pm-suspend.log udev
apt dist-upgrade gdm mysql.err pm-suspend.log.1 unattended-upgrades
/var/log/secure我的系统中还有其他替代方案吗?
答案1
此类日志事件通常在 Debian 及其衍生产品(包括 Ubuntu)的 /var/log/auth.log 中找到。