track super user info

Status
Not open for further replies.

cgy99

Vendor
Feb 12, 2000
2
US
Hi

Can anybody tell me, on a Solaris box, how to track super users' info, such as who changed to super user, at what time, and what he has done?

Which command can do this and which file stores this info?

I'm using bash but it seems .bash_history only stores the commands I used when I'm a super user

tks in adv
 
Try the "last" command. This is a compilation of the /var/log/wtmp file, there is also a file called /var/adm/sulog which is a log of all "su" logins including dates and times. Hope this helps :)
Jon Zimmer
jon.zimmer@pf.net
The software required `Windows 95 or better', so I installed Linux.

 
If csh or ksh was used there will be entries for each command line entry in /.sh_history, however they will not be time stamped.

Ged Jones

Top man
 
If you want to use auditing functions you should use the enhanced security package, which is available under different names (UNIX MLS......)

hnd
hasso55@yahoo.com

 
cgy99,

Keeping track of system changes is a problem in some environments, especially when historically people have had unrestricted access to the super user account for some time -- it's difficult to change that kind of culture and restrict access to the root account but I think you should consider having a go.

For the moment though, Jon is quite right. The two things you can do are:

1. Monitor the file /var/adm/sulog.

2. Use the last command ('last root') to track some of the things done as root.

You should be aware that last is not exactly perfect for this. It will, for instance, pick up the fact that someone has run vi but will not tell you which files were edited....

For the future.

Have you thought of putting it to management that unrestricted access to the root account will almost certainly result in time being wasted correcting errors? (and maybe worse)

Best situation is that only a couple of people have access to the root account (a techie and a manager who can give out the password if there's an emergency) but this is sometimes difficult to achieve.

If people have a genuine need to do some root work then there's a widely used utility you might be interested in called sudo. It allows access to certain commands for certain users.

Mike
michael.j.lacey@ntlworld.com
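
One way to do the sulog monitoring suggested in this thread, as an added example that is not code from any of the posters. It assumes the usual sulog record layout (SU, date, time, + or - for success or failure, tty, from-to); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise su activity from a Solaris-style /var/adm/sulog.
# Assumed record layout: SU <MM/DD> <HH:MM> <+|-> <tty> <from>-<to>
#   "+" = su succeeded, "-" = su failed

# Constructed sample records (not taken from a real system).
sample_sulog() {
cat <<'EOF'
SU 02/12 09:14 + pts/3 alice-root
SU 02/12 09:40 - pts/5 guest-root
SU 02/12 09:41 - pts/5 guest-root
SU 02/12 10:02 + pts/1 bob-oracle
SU 02/13 08:30 + console carol-root
EOF
}

# sulog_to_root [file]: every attempt to become root, one per line:
#   <date> <time> <OK|FAILED> <from-user> <tty>
# Reads standard input when no file is given.
sulog_to_root() {
    awk '$1 == "SU" && NF >= 6 {
        n = index($6, "-")        # split "from-to" at the first hyphen
        if (n == 0) next          # (user names containing "-" are ambiguous)
        from = substr($6, 1, n - 1)
        to = substr($6, n + 1)
        if (to != "root") next    # ignore su to non-root accounts
        printf "%s %s %s %s %s\n", $2, $3, ($4 == "+" ? "OK" : "FAILED"), from, $5
    }' "${1:--}"
}

# sulog_failed_counts [file]: failed su-to-root attempts per user, sorted by name.
sulog_failed_counts() {
    sulog_to_root "${1:--}" |
        awk '$3 == "FAILED" { c[$4]++ } END { for (u in c) print u, c[u] }' |
        sort
}

# Demo on the constructed sample; on a real host pass /var/adm/sulog instead.
sample_sulog | sulog_to_root
```

sulog records who became root and when, not what was done afterwards, so it covers only the first part of the original question.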
 