Member Added to Group

Linux Ubuntu

Flynn Weeks

February 4, 2022

Enabled by default

Service: syslog

Log type: auth.log

A group membership change can indicate that a user has added themselves to an admin group without authorization. It is important to monitor the groups that have escalated permissions.

Due to the limitations of the GNOME Logs app, we do not currently have a GUI way to view this log, so we recommend using the command line. The auth.log file records when a user is added to a group. To see the log entries for a user being added to a group, enter the command: grep usermod /var/log/auth.log | grep add

View Logs
grep usermod /var/log/auth.log | grep add
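
An added example, not part of the original page: the grep pipeline above, extended to parse each usermod entry and flag additions to groups with escalated permissions. The sample log lines are constructed, the PRIV_GROUPS watch list and the function names are assumptions, and the parser assumes the usermod message format add 'USER' to group 'GROUP'.

```shell
#!/bin/sh
# Added example: parse usermod group additions and flag privileged groups.
# PRIV_GROUPS is an assumed watch list; adjust it to the host's policy.
PRIV_GROUPS="${PRIV_GROUPS:-sudo adm root docker lxd}"

# Constructed sample lines in the traditional auth.log layout.
sample_auth_log() {
  cat <<'EOF'
Feb  4 10:15:01 ubuntu usermod[2345]: add 'alice' to group 'sudo'
Feb  4 10:15:01 ubuntu usermod[2345]: add 'alice' to shadow group 'sudo'
Feb  4 10:20:11 ubuntu usermod[2399]: add 'bob' to group 'games'
Feb  4 10:20:11 ubuntu usermod[2399]: add 'bob' to shadow group 'games'
Feb  4 11:02:47 ubuntu sudo:    carol : TTY=pts/0 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/usermod -aG docker carol
Feb  4 11:02:47 ubuntu usermod[2501]: add 'carol' to group 'docker'
Feb  4 11:02:47 ubuntu usermod[2501]: add 'carol' to shadow group 'docker'
EOF
}

# group_adds [FILE]: reads FILE (or stdin) and prints one tab-separated row
# per addition: syslog header, user, group, PRIVILEGED or ok.
group_adds() {
  # Splitting each line on the single quote gives $2 = user and $4 = group.
  # The twin "to shadow group" line is skipped so each change appears once.
  awk -F"'" -v priv="$PRIV_GROUPS" '
    BEGIN { n = split(priv, g, " "); for (i = 1; i <= n; i++) watch[g[i]] = 1 }
    $1 ~ / usermod\[[0-9]+\]: add $/ && $3 == " to group " {
      hdr = $1
      sub(/ usermod\[[0-9]+\]: add $/, "", hdr)   # keep timestamp and host
      flag = ($4 in watch) ? "PRIVILEGED" : "ok"
      printf "%s\t%s\t%s\t%s\n", hdr, $2, $4, flag
    }
  ' "${1:--}"
}

# Demonstration on the constructed sample.
sample_auth_log | group_adds
```

On a live host, call group_adds /var/log/auth.log instead of piping in the sample.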
Check Logging Status
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Disable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Enable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!