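Checking the logs for user additions and deletions on Linux

On Linux, the log that records user additions is written to a different location on Debian-based and RHEL-based distributions.

Debian/Ubuntu-based

On Debian/Ubuntu-based systems, these events are written to "/var/log/auth.log".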

test@ubuntu-server:~$ sudo useradd test1
test@ubuntu-server:~$ sudo userdel test1
test@ubuntu-server:~$
test@ubuntu-server:~$ grep -e useradd -e userdel /var/log/auth.log
Jun  9 22:43:58 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/useradd test1234
Jun  9 22:43:58 ubuntu-server useradd[30833]: new group: name=test1234, GID=1001
Jun  9 22:43:58 ubuntu-server useradd[30833]: new user: name=test1234, UID=1001, GID=1001, home=/home/test1234, shell=
Jun  9 22:44:03 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/userdel test1234
Jun  9 22:44:03 ubuntu-server userdel[30839]: delete user 'test1234'
Jun  9 22:44:03 ubuntu-server userdel[30839]: removed group 'test1234' owned by 'test1234'
Jun  9 22:44:03 ubuntu-server userdel[30839]: removed shadow group 'test1234' owned by 'test1234'
Jun  9 22:46:53 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/useradd test1
Jun  9 22:46:54 ubuntu-server useradd[30867]: new group: name=test1, GID=1001
Jun  9 22:46:54 ubuntu-server useradd[30867]: new user: name=test1, UID=1001, GID=1001, home=/home/test1, shell=
Jun  9 22:46:57 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/userdel test1
Jun  9 22:46:57 ubuntu-server userdel[30873]: delete user 'test1'
Jun  9 22:46:57 ubuntu-server userdel[30873]: removed group 'test1' owned by 'test1'
Jun  9 22:46:57 ubuntu-server userdel[30873]: removed shadow group 'test1' owned by 'test1'

RHEL-based

On RHEL-based systems, these events are written to "/var/log/secure".

[root@test-centos7 ~]# useradd test1
[root@test-centos7 ~]# userdel test1
[root@test-centos7 ~]# grep -e useradd -e userdel /var/log/secure
Jun  9 22:50:36 test-centos7 useradd[13947]: new group: name=test1, GID=1000
Jun  9 22:50:36 test-centos7 useradd[13947]: new user: name=test1, UID=1000, GID=1000, home=/home/test1, shell=/bin/bash
Jun  9 22:50:39 test-centos7 userdel[13952]: delete user 'test1'
Jun  9 22:50:39 test-centos7 userdel[13952]: removed group 'test1' owned by 'test1'
Jun  9 22:50:39 test-centos7 userdel[13952]: removed shadow group 'test1' owned by 'test1'
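
As an added example (not part of the original article), the script below turns these log lines into one summary line per account creation or deletion and, when a sudo COMMAND= line precedes the event, records which user ran the command. The function names are illustrative, and treating the last sudo argument as the account name is an assumption.

```sh
#!/bin/sh
# Added example, not from the original article; function names are illustrative.

# Debian/Ubuntu write to /var/log/auth.log, RHEL-family to /var/log/secure.
auth_log_path() {
    for f in /var/log/auth.log /var/log/secure; do
        [ -f "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Read syslog lines on stdin; print one summary line per account add/delete.
# Matching on the program tag ($5) keeps sudo COMMAND= lines from counting as
# events; they are used only to attribute the change to the invoking user.
account_events() {
    awk -v q="'" '
    function emit(action, name, uid,    by) {
        by = (name in invoker) ? invoker[name] : "-"
        print $1, $2, $3, $4, action, name, "uid=" uid, "by=" by
        delete invoker[name]
    }
    # Assumption: the account name is the last argument of useradd/userdel.
    $5 == "sudo:" && $0 ~ /COMMAND=[^ ]*\/user(add|del) / { invoker[$NF] = $6; next }
    $5 ~ /^useradd\[[0-9]+\]:$/ && $6 == "new" && $7 == "user:" {
        name = $8; sub(/^name=/, "", name); sub(/,$/, "", name)
        uid = $9;  sub(/^UID=/, "", uid);   sub(/,$/, "", uid)
        emit("add", name, uid)
    }
    $5 ~ /^userdel\[[0-9]+\]:$/ && $6 == "delete" && $7 == "user" {
        name = $8; gsub(q, "", name)
        emit("del", name, "-")
    }'
}

# Sample input: lines copied from the two outputs shown above.
sample_log() {
    cat <<'EOF'
Jun  9 22:46:53 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/useradd test1
Jun  9 22:46:54 ubuntu-server useradd[30867]: new group: name=test1, GID=1001
Jun  9 22:46:54 ubuntu-server useradd[30867]: new user: name=test1, UID=1001, GID=1001, home=/home/test1, shell=
Jun  9 22:46:57 ubuntu-server sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/userdel test1
Jun  9 22:46:57 ubuntu-server userdel[30873]: delete user 'test1'
Jun  9 22:50:36 test-centos7 useradd[13947]: new user: name=test1, UID=1000, GID=1000, home=/home/test1, shell=/bin/bash
Jun  9 22:50:39 test-centos7 userdel[13952]: delete user 'test1'
EOF
}

# On a live host: account_events < "$(auth_log_path)"
sample_log | account_events
```

Events run directly as root, as in the RHEL session above, have no sudo line and are reported with by=-.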