Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
command to see the user changing logon
- Thread starter h3nd
- Start date
On AIX check /var/adm/sulog. Personally I have a script which checks for
1. Anyone other than the admin group using su root
2. Anyone have > 2 unsuccessful su attempts.
I'll post it if you're interested.
Ceci n'est pas une signature
Columb Healy
1. Anyone other than the admin group using su root
2. Anyone have > 2 unsuccessful su attempts.
I'll post it if you're interested.
Ceci n'est pas une signature
Columb Healy
- Thread starter
- #3
- Thread starter
- #5
Thx coffeysm,
but In this case I am one of the support system.
and one group contain 3 people. So we have right to su to functional logon.
But I need to know which one does which, because we're not allowed to logon straight using functional logon. We need to logon as our own user and then su to functional logon.
So our admin can detect what we are doing.
Thx
but In this case I am one of the support system.
and one group contain 3 people. So we have right to su to functional logon.
But I need to know which one does which, because we're not allowed to logon straight using functional logon. We need to logon as our own user and then su to functional logon.
So our admin can detect what we are doing.
Thx
KenCunningham
Technical User
I don't fully understand about the group situation, but sulog should give you the details as to who is su-ing to your 'functional logon' as suggested above, as long as they are doing so from a uniquely identifiable userid. If they aren't, you have a security issue and might consider introducing individual userid to enable the audit trail that you're after.
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
On Redhat ES there is no sulog, info is instead in /var/log/everything
______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
Code:
grep -e "su(pam.*opened for user root" everything |awk '{ print $1,$2,$3,$12}'______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
- Thread starter
- #8
Oh well my scenario was for only allowing certain people (ie: sys admins) to actually run the su command. If you can su to root then why not look at the sulog under that account? Do you just need to know who runs the su command or what they are actually typing? I would look into sudo instead if that is what you are trying to find out.
- Thread starter
- #10
Either make the sulog 644 so you can read it. 640 and add you to the group that the file belongs to. You could also look into aliases to log the username before the command is actually ran. You might also want to look into seeing if sudo is or can be setup on your system.
Red Hat logs the login and sulogin activity under /var/log/messages file.
You can change the following to use /var/log/sulog
add following line to /etc/syslog.conf file and then touched /var/log/sulog file.
----
auth.info /var/log/sulog
# ^^^^ this white space is TABs, not spaces
-----
and then,
/etc/init.d/syslog restart
Mike
"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."
You can change the following to use /var/log/sulog
add following line to /etc/syslog.conf file and then touched /var/log/sulog file.
----
auth.info /var/log/sulog
# ^^^^ this white space is TABs, not spaces
-----
and then,
/etc/init.d/syslog restart
Mike
"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."
- Thread starter
- #14
KenCunningham
Technical User
In most *nixes, as root, if you vi certain files and try to save them, vi will 'pretend' that it can't be written (presumably for security against dabblers I guess). However, it can actually be written using wq! to force the issue.
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
- Thread starter
- #17
KenCunningham
Technical User
Well ask someone who can, perhaps?
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
I don't mind people who aren't what they seem. I just wish they'd make their mind up.
Alan Bennett.
- Status
Similar threads
- Locked
- Question