Look at 'man sulog'. Solaris 'su' won't log commands being executed by the given user. It only logs the attempt/failure/success of su. If you really want to maintain a trail of commands executed by the user once they have su(d) to another user, you'll have to enable C2 auditing and use the Basic Security Module (BSM) for such.
Look at the script /etc/security/bsmconv. It enables auditing on the system and after reboot auditd will be running. You need to understand what you are enabling before just running the script. Enabling auditing on a system can degrade performance between 5 and 15% - more if you audit too many events. It will allow you to use praudit and auditreduce in order to trace user activities.
If there really is some interest in using BSM, I'll drop a FAQ - just let me know.
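To show what the su log described in the reply above actually records, here is an added example (not part of the original post) that summarises successes and failures per user pair. It assumes the usual sulog record layout `SU MM/DD HH:MM +|- tty from-to`; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Summarise sulog records: one line per "from-to" pair with
# success and failure counts. Note that no field holds a command:
# the log only says who tried to become whom, where, and whether it worked.
# Assumed record layout: SU MM/DD HH:MM +|- tty from-to
sulog_summary() {
    awk '
        # Accept only well-formed records; skip anything else.
        NF == 6 && $1 == "SU" && ($4 == "+" || $4 == "-") {
            pair = $6                  # e.g. "bob-root"
            seen[pair] = 1
            if ($4 == "+") ok[pair]++
            else fail[pair]++
        }
        END {
            for (p in seen)
                printf "%s ok=%d fail=%d\n", p, ok[p] + 0, fail[p] + 0
        }
    ' "$@" | sort
}

# Constructed sample records (not taken from a real system).
sample_sulog() {
    cat <<'EOF'
SU 03/14 09:12 + pts/3 alice-root
SU 03/14 09:40 - pts/5 bob-root
SU 03/14 09:41 - pts/5 bob-root
SU 03/14 09:43 + pts/5 bob-root
SU 03/15 22:05 - console carol-oracle
EOF
}

sample_sulog | sulog_summary
```

On a Solaris host the function can be given the log file as an argument, typically /var/adm/sulog. Repeated failures followed by a success for the same pair are worth a closer look, and that is as far as this log goes; what was run afterwards needs the BSM audit trail.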