- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Re: log all who use su command
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-20-2005 09:49 PM
тАО12-20-2005 09:49 PM
log all who use su command
O.S tru64 V5.1A,pk#1,standard security,
I want to make log for all users in the server
who use su command( to root user and to other)
,and log for all attemps to login server includes
successed and failed,
thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-20-2005 10:43 PM
тАО12-20-2005 10:43 PM
Re: log all who use su command
Then, your other option is enable auditing, but as you don't have enhanced security, this will not be possible. Also, auditing is more tedious to configure.
So, the my recommendation is:
Do not enable the use of su to anybody, and install SUDO.
Sudo will log all the commands issued as another user or root to a file that you can specify.
Everything that you want to do as root, do it with sudo.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-20-2005 10:43 PM
тАО12-20-2005 10:43 PM
Re: log all who use su command
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=983868
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-20-2005 11:04 PM
тАО12-20-2005 11:04 PM
Re: log all who use su command
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-21-2005 07:18 AM
тАО12-21-2005 07:18 AM
Re: log all who use su command
The sialog was not designed for use as an auditing tool it was only designed for temporary use in debugging SIA problems. Long term use of the sialog can cause severe problems including performance issues and system hangs. I know this because I have responded to several customer problem reports in this area. PLEASE STOP MENTIONING THE USE OF SIALOG TO OUR OTHER CUSTOMERS!!!
The auditing subsystem is independent of Enhanced Security, YOU DO NOT NEED TO ENABLE ENHANCED SECURITY TO USE AUDITING. I use auditing all the time on my systems that do not have Enhanced Security enabled. The auditing subsystem is the supported and recommended method for auditing things like su and logins. Initial configuration is fairly simple if you use the Audit Configuration from the sysman Configuration menu, but it does require a system reboot if audit is not enabled on the system. su is logged as an "auth_event", so selecting ANY of the generic categories when prompted: Desktop, NIS_server, Networked_system, Server, Timesharing, or Timesharing_extended_audit will get you auditing of su, or you can just select "profile_auth", which only audits logins, logouts, and auth_event. It's only if you want to get more specific about what you audit that it can get complicated.
Using SUDO instead of su to allow other users to do root functions is a good idea. The dop utility, which is supplied with the OS, can be used in a similar fashion.
Ann Majeske, HP Tru64 UNIX Engineering Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-21-2005 07:32 AM
тАО12-21-2005 07:32 AM
Re: log all who use su command
So, I think that is nothing wrong with letting know to the user that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-21-2005 07:46 AM
тАО12-21-2005 07:46 AM