
Sniffing System Commands of ROOT User


olli2003

Technical User
Jan 31, 2003
93
DE
Hi!

I've a strange problem...
One of my colleagues claimed that I've set up critical system commands as user "ROOT" in the system. (SUN Solaris 10)
Now I'm interested in where he could see such logs!
Maybe ROOT was controlled by an audit process...?
Is it possible to do so?
How can I see if such an audit daemon is activated?
Where can I find its logfile and how can I read it?
So maybe it's possible to fetch such information from the history file?
The information must have exactly the content of:
1. At which time ROOT was logged on and from which machine.
2. Which commands were set up by this user?

Thanks a lot for all your help!

Kind Regards
Oliver
 
/var/adm/sulog might contain information if the user su-d to root. As you say, the .sh_history file might contain information if it hasn't rotated or been purged for whatever reason.

What are these 'critical system commands'? As Annihilannic says, we really need more information.
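As an added illustration of the /var/adm/sulog suggestion above (this is example code, not something posted in the thread), the following parser reads the classic sulog line format `SU MM/DD HH:MM [+|-] tty from-user-to-user` and pulls out every successful and failed switch to root. The sample log lines are constructed for the example.

```python
"""Parse Solaris /var/adm/sulog entries to list when someone became root.

Added example, not from the thread. Assumes the classic sulog line format:
    SU MM/DD HH:MM [+|-] tty from-user-to-user
where '+' marks a successful su and '-' a failed attempt.
"""
import re
from dataclasses import dataclass

SULOG_RE = re.compile(
    r"^SU\s+(?P<date>\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<ok>[+-])\s+(?P<tty>\S+)\s+(?P<src>[^-\s]+)-(?P<dst>\S+)$"
)


@dataclass
class SuEvent:
    date: str       # MM/DD (sulog carries no year)
    time: str       # HH:MM
    success: bool   # True for '+', False for '-'
    tty: str        # terminal the su was run from
    src_user: str   # user who ran su
    dst_user: str   # target account, e.g. root


def parse_sulog(text):
    """Return one SuEvent per well-formed sulog line; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SULOG_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line: skip rather than abort
        events.append(SuEvent(m["date"], m["time"], m["ok"] == "+",
                              m["tty"], m["src"], m["dst"]))
    return events


def root_sessions(events):
    """Successful switches to root: who became root, when and from which tty."""
    return [e for e in events if e.success and e.dst_user == "root"]


def failed_root_attempts(events):
    """Failed su-to-root attempts, worth reviewing for password guessing."""
    return [e for e in events if not e.success and e.dst_user == "root"]


# Constructed sample data in sulog format (not a real log).
SAMPLE_SULOG = """\
SU 01/30 09:12 + pts/2 oliver-root
SU 01/30 11:47 - pts/5 guest-root
SU 01/30 11:48 - pts/5 guest-root
SU 01/31 08:03 + console oliver-root
SU 01/31 14:22 + pts/3 oliver-oracle
"""

if __name__ == "__main__":
    evs = parse_sulog(SAMPLE_SULOG)
    for e in root_sessions(evs):
        print(f"{e.date} {e.time} {e.src_user} became root on {e.tty}")
    for e in failed_root_attempts(evs):
        print(f"{e.date} {e.time} FAILED su to root by {e.src_user} on {e.tty}")
```

Note that sulog records the tty but not the originating host, so the "from which machine" part of the question needs the login records (`last`, which reads wtmpx) rather than sulog; and sulog only shows that someone became root, not which commands they ran afterwards.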
 
Oliver, example system commands such as "halt" & "reboot" can be found under /etc and they are indeed root owned and powerful (also linked to /usr/sbin); unless permissions are really nailed down anybody can run an "ls -al" against the /etc & /usr/sbin directories and get this information. Has your colleague attained a little knowledge but not enough to know the system?

Good luck anyway
 
Hi!

Thanks a lot for all your replies and
sorry for my late answer.
I can't explain it in a good way, but maybe this person
had some external tools to do this...
However... they were such commands as "format", "netstat" f. ex.

How can I use the "bsmconv" command,
and what exactly is it doing?


Have a nice weekend and

Kind Regards
Oliver
 
Hello Oliver, netstat & format are both owned by root, whilst format can only be run as the root user. So this is normal for all Solaris o/s, I don't see that you have any security problems.

I've never used "bsmconv", but you can "man bsmconv" for more information.

See you

Marrow
 