Hi, the question is following: I want to trace users who are allowed to use the "su" command. I know that once root you can ALTER what ever you want, even of course the log files... but I want to do following (which isn't sure at all, but at least it would help me...):
When a user uses the "su" command, I want to be notified (i'm on NT-Workstation)-but if its a notification to my telnet console under my unix session it's ok too...
I want to put following batch programmed to run every 5 minutes into the crontab:
It should check if a 'root' is in action, if yes, logging all last commands typed by that guy into a file. And this should happen as said every 5 minutes... that way if he removes himself from history or log files, I'd have a backup of it.
The big pain is if he gets into the Crontabfile... should be a way just even to be noticed if he touched it or not...
I know it's a bit tricky.. i've a load of ideas, but no practice for such scripts... thnx if any could help, even just give me basic commands, i'd do the rest with the help of 'man'
thnx in advance
When a user uses the "su" command, I want to be notified (i'm on NT-Workstation)-but if its a notification to my telnet console under my unix session it's ok too...
I want to put following batch programmed to run every 5 minutes into the crontab:
It should check if a 'root' is in action, if yes, logging all last commands typed by that guy into a file. And this should happen as said every 5 minutes... that way if he removes himself from history or log files, I'd have a backup of it.
The big pain is if he gets into the Crontabfile... should be a way just even to be noticed if he touched it or not...
I know it's a bit tricky.. i've a load of ideas, but no practice for such scripts... thnx if any could help, even just give me basic commands, i'd do the rest with the help of 'man'
thnx in advance