Best log analyzer ever. For centralizing and reviewing logs on lots of servers, it’s a must-have.
Someone asked me the other day how to set up OS X to log sudo events. Well, there’s nothing to do. Whether the password used with sudo is right or wrong, all attempts to authenticate through sudo are logged.
Control access by editing the SSH configuration file and using the AllowUsers directive like so:
To add multiple entries, either separate users with a space:
AllowUsers cedge kklein
Or you can write an entirely new line:
AllowUsers cedge
AllowUsers kklein
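To confirm that both forms produce the same effective list, and that anyone left off the list is locked out once AllowUsers is present, here is an added example (not from the original post) that parses a constructed sample config. The function names and the sample entries `backup*` and `ops` are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Reads only the global section
# of an sshd_config; DenyUsers/AllowGroups and Match blocks are not evaluated.

# Print each effective AllowUsers pattern once, one per line.
allowed_users() {   # $1: path to an sshd_config file
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at first Match
        tolower($1) == "allowusers" {           # keywords are case-insensitive
            for (i = 2; i <= NF; i++) if (!seen[$i]++) print $i
        }
    ' "$1"
}

# Return 0 if AllowUsers would let this user through, 1 otherwise.
ssh_login_permitted() {   # $1: user name, $2: sshd_config path
    patterns=$(allowed_users "$2")
    if [ -z "$patterns" ]; then return 0; fi    # directive absent: no restriction
    set -f                                      # keep * and ? in patterns literal
    for p in $patterns; do
        case "$p" in *@*) continue ;; esac      # USER@HOST entries not evaluated here
        case "$1" in $p) set +f; return 0 ;; esac
    done
    set +f
    return 1                                    # listed users only: everyone else is denied
}

# Constructed sample config that mixes both forms shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
AllowUsers cedge kklein
allowusers kklein backup*
Match Address 10.0.0.0/8
    AllowUsers ops
EOF
for u in cedge backup01 root ops; do
    if ssh_login_permitted "$u" "$sample"; then echo "$u: permitted"
    else echo "$u: denied"; fi
done
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved, which is the authoritative check.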
For those attending, my speaker page for DefCon 14, in Las Vegas, Nevada: http://www.defcon.org/html/defcon-14/dc-14-speakers.html#Edge