System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

how to log successful/unsuccessful access to the root in syslog.log

vz7r1x
Regular Advisor

how to log successful/unsuccessful access to the root in syslog.log

Hi,
I have a trusted system where system does not log unsuccessful login attempts to root.

I did not find anything in sam to set it up.

My /etc/syslog.conf has the following line:
auth.debug/var/adm/syslog/syslog.log

still failed attempts to login to root does not show up.

Any suggestions?

Thanks
4 REPLIES
Mel Burslan
Honored Contributor

Re: how to log successful/unsuccessful access to the root in syslog.log

how about if you run

lastb root

can you get it that way ?
________________________________
UNIX because I majored in cryptology...
James R. Ferguson
Acclaimed Contributor

Re: how to log successful/unsuccessful access to the root in syslog.log

Hi:

You need to enable bad-login auditing by creating '/var/adm/btmp'. Touch the file to create it. Set its permissions to be readable and writeable ONLY by 'root'.

You should also look at '/var/adm/sulog' for sucessful and unsuccessful 'su' attempts to root.

Regards!

...JRF...
Jestin John Chacko
Regular Advisor

Re: how to log successful/unsuccessful access to the root in syslog.log

Dear...

last and lastb gives the successful and unsuccessful logins .

both are generated by

last---/var/adm/wtmp Login database

lastb--/var/adm/btmp bad login database

for your unsuccessful logins of root user try

lastb -R root
vz7r1x
Regular Advisor

Re: how to log successful/unsuccessful access to the root in syslog.log

Mel, James and Justin.

I was trying to channel failed login messages to syslog.log by changing config. Thanks for your helpful input.

Regards,