HPE Community
Operating System - HP-UX
1753974 Members
6963 Online
108811 Solutions
New Discussion юеВ

Re: View the su logs

 
SOLVED
Go to solution
johnnymac_1
Advisor

тАО01-19-2011 08:15 AM

тАО01-19-2011 08:15 AM

View the su logs

Is there away to view a file that list all the su activity for users? This would be succesful and failed su. At a minumum what about failed su to root activity? HP-UX B.11.23.
Thanks John
0 Kudos
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО01-19-2011 08:19 AM

тАО01-19-2011 08:19 AM

Solution

Re: View the su logs

Shalom,

/var/adm/sulog

Any user can read them.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Manix
Honored Contributor

тАО01-19-2011 08:32 AM - last edited on тАО11-10-2011 08:49 AM by

тАО01-19-2011 08:32 AM - last edited on тАО11-10-2011 08:49 AM by

Re: View the su logs

yes all logs are @ '/var/adm/sulog '

Could set up a cron job to check sulog periodically and report any failed attempts to su to root (indicated by - instead of +). This is pretty crude example, but should give you the general idea of what needs to be done.

#!/usr/bin/sh

grep "root$" /var/adm/sulog | grep " - " | mailx -s "Failed root su attempts" someone@somewhere.com

http://h30499.www3.hp.com/t5/Security/How-to-log-failed-attempts-to-ROOT/m-p/3699147#M11226

HP-UX been always lovable - Mani Kalra
0 Kudos
johnnymac_1
Advisor

тАО01-19-2011 10:16 AM

тАО01-19-2011 10:16 AM

Re: View the su logs

Manix,
My sulog appears to only retain for specified period. It is cleared upon reboot and a OLDsulog file is created for the previous day. Both files only contain a 24 hour period. In order to keep a copy of all my su activity I was going to run a cron job. In Solaris cron -e edit the cron file but in HP-UX is it crontab -e? If yes are cron jobs setup pretty much the same; that is specify the time/date and file to execute?My script will create a directory with the date of the system clock, so I will need to figure out how to to this.
0 Kudos
Manix
Honored Contributor

тАО01-19-2011 10:23 AM

тАО01-19-2011 10:23 AM

Re: View the su logs

please read this

http://docs.hp.com/en/B2355-90128/crontab.1.html

crontab -e

Edit a copy of your crontab file, or create an empty file to edit if the crontab file does not exist.

crontab -l

List your crontab file.

The entries in a crontab file are lines of six fields each. The fields are separated by spaces or tabs. The lines have the following format:

minute hour monthday month weekday command

example,

0 0 1,15 * 1 command
HP-UX been always lovable - Mani Kalra
0 Kudos
johnnymac_1
Advisor

тАО01-19-2011 10:34 AM

тАО01-19-2011 10:34 AM

Re: View the su logs

A million thanks to both of you for your help.
0 Kudos
Manix
Honored Contributor

тАО01-19-2011 10:39 AM

тАО01-19-2011 10:39 AM

Re: View the su logs

Thanks A lot

Manix
HP-UX been always lovable - Mani Kalra
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.