
huge sulog file

Status
Not open for further replies.

shoux

Technical User
Nov 9, 2000
83
MY
hi all

The file size is 40 MB. There are 700 users online. How come, each time users log in, root executes the su command to them? This causes the sulog size to grow. It seems that root is successfully

Below is a snapshot of the sulog file.
SU 08/25 08:43 + tty?? root-a20
SU 05/25 08:43 + tty?? root-a60
SU 08/25 08:43 + tty?? root-a16
SU 08/25 08:44 + tty?? root-al2
SU 08/25 08:44 + tty?? root-b10

thank you

shoux
 
1) cut down those users who have access to root

OR

2) edit the file and make it smaller

Alex
 
To empty the file completely, use cat /dev/null > sulog

This will at least give you a blank canvas from which you can monitor and assess who's accessing as root and, as Alex says, may give you ammunition to argue for more restricted access, perhaps using sudo.
 
In fact your file shows root 'suing' to a number of users

Why is it doing that?

Alex
 
hi all

As Alex said, why is the root user su'ing to other users? I do not know whether the system config is wrong. I noticed that each time a user logs in, root executes the command.

Please help me

Thank you

shoux
 
Is there anything in /etc/profile which might be causing this? I would have expected at least a prompt for a password if that's the case.
 
Perhaps a root cron job which uses "su <user> -c" regularly?

Quick way to clear the log - ">sulog"

IBM Certified Confused - MQSeries
IBM Certified Flabbergasted - AIX 5 pSeries System Administration
MS Certified Windblows Rebooter
 
My internal and external auditors would throw a fit if I blanked out the sulog. I would do the following:

make sure it's not in use

cd /var/adm
fuser sulog

I would save at least one year's worth of data. This is represented with "N"

tail -N /var/adm/sulog > /var/adm/sulog.new

mv /var/adm/sulog.new /var/adm/sulog

chmod 600 /var/adm/sulog

aixmurder is probably onto it. It's probably a cron entry under root's cron, or is a job scheduler such as ESP which runs as root but su's to approved/appropriate users.
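
One way to follow up on the replies above before trimming anything, as an added example that is not part of any post in this thread: summarise the sulog by who su's to whom and by minute, so the result can be compared with root's crontab. The function names are hypothetical, the line format is assumed from the excerpt in the first post, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed line format (from the excerpt):
#   SU MM/DD HH:MM +|- tty from-to

# Entries per (result, from-to) pair, busiest first.
sulog_pairs() {
    awk '$1 == "SU" && NF >= 6 { n[$4 " " $6]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2
}

# Successful su calls made by root, counted per HH:MM, to compare against
# root's crontab and login peaks.
sulog_root_minutes() {
    awk '$1 == "SU" && $4 == "+" && $6 ~ /^root-/ { n[$3]++ }
         END { for (k in n) print k, n[k] }' "$1" | sort
}

# Failed attempts ("-" in the result column), printed unchanged.
sulog_failed() {
    awk '$1 == "SU" && $4 == "-"' "$1"
}

# Constructed sample data, written to the path given as $1.
make_sample() {
    cat > "$1" <<'EOF'
SU 08/25 08:43 + tty?? root-a20
SU 08/25 08:43 + tty?? root-a60
SU 08/25 08:44 + tty?? root-a20
SU 08/25 08:44 + tty?? root-b10
SU 08/25 09:10 - pts/3 jdoe-root
SU 08/25 09:12 + pts/3 jdoe-root
EOF
}

sample="${TMPDIR:-/tmp}/sulog.sample.$$"
make_sample "$sample"
echo "== pairs ==";           sulog_pairs "$sample"
echo "== root per minute =="; sulog_root_minutes "$sample"
echo "== failed ==";          sulog_failed "$sample"
rm -f "$sample"
```

Run the three functions against a copy of /var/adm/sulog rather than the live file, and keep that copy as the archive if the log is then trimmed.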
 