Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Monitoring What Your Privileged Users are doing on Linux and UNIX current page
Link copied

Monitoring What Your Privileged Users are doing on Linux and UNIX

Resource default
Monitoring What Your Privileged Users are doing on Linux and UNIX

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

In previous webinars Randy Franklin Smith has showed us how to control what privileged authority in Linux and UNIX. With sudo you can give admins the authority they need without giving away root and all the security risks and compliance problems caused by doing so. But once you carefully delegate limited, privileged authority with sudo you still need an audit trail of what admins are doing. A privileged user audit trail is irreplaceable as a deterrent and detective control over admins and in terms of implementing basic accountability. But in today’s environment of advanced and persistent attackers you also need the ability to actively monitor privileged user activity for quick detection of suspicious events.

Security expert, Randy Franklin Smith, will dive into the logging capabilities of sudo. Sudo provides event auditing for tracking command execution by sudoers – both for successful and denied sudo requests as well as errors. Randy shows you how to enable sudo auditing and how to control where it’s logged, if syslog is used and more importantly: what do sudo logs looks like and how do you interpret them?

But sudo also offers session auditing (aka the iolog) which allows you to capture entire sudo sessions including both input and output of commands executed through sudo whether in an interactive shell or via script. Randy demonstrates how to configure sudo session logging and how to view recorded sessions with sudoreplay.

After Randy presents, Paul Harper from BeyondTrust shows you how PowerBroker UNIX & Linux builds on sudo’s audit capabilities.

Latest
  • Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    May 14, 2026 Mapping BeyondTrust Capabilities to the Operational Technology Cybersecurity Controls (OTCC)
    Resources
    1m
  • BeyondTrust Executive Summary
    Feb 25, 2026 BeyondTrust Executive Summary
    Resources
    1m
Related
  • 2022 Cybersecurity Survival Guide
    Jan 10, 2022 2022 Cybersecurity Survival Guide
    Resources
    1m
  • Africa’s Road Map to Identity Maturity and Security Using Privileged Access Controls
    Jan 11, 2023 Africa’s Road Map to Identity Maturity and Security Using Privileged Access Controls
    Resources
    1m
Share this Article
  • Link

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.