
su and monitoring access

 
James Clay_2
Occasional Advisor

su and monitoring access

I would like to modify my systems so that the su command remembers the original details of the user such as their user ID so that if they make changes, then it becomes clearer who did them, rather than just 'root'.

Is this easy to do?
"Computer games don't affect kids, I mean if pac man affected us as kids, we'd all be running around in darkened rooms, munching pills and listening to repetitive music."
9 REPLIES 9
doug mielke
Respected Contributor

Re: su and monitoring access

The su log will keep track of who / when they changed to the root user, but after that, they are root. Tracking them by their former / original name is no longer done. Your best bet is saving the su log, and comparing it to time stamps on files.

I've heard that there are 3rd party monitoring tools that promise this sort of tracking.
George_Dodds
Honored Contributor

Re: su and monitoring access

I wonder if you can somehow track them from their tty id, if you want to track what they do after the su to root?
George_Dodds
Honored Contributor

Re: su and monitoring access

I wonder if you can somehow track them from their tty id, if you want to track what they do after the su to root?
George_Dodds
Honored Contributor

Re: su and monitoring access

odd my first reply has a submit time way after my most recent reply.
George_Dodds
Honored Contributor

Re: su and monitoring access

what about just looking at /var/adm/sulog

Ta

George
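Added example, not part of any reply in this thread: a small shell/awk helper that reads sulog to answer "who was root on this tty at this time?" and to list failed su-to-root attempts. It assumes the classic sulog line layout `SU MM/DD HH:MM +|- tty from-to`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the assumed sulog layout:
#   SU MM/DD HH:MM <+|-> <tty> <from>-<to>    (+ = success, - = failure)
sample_sulog() {
cat <<'EOF'
SU 03/14 09:02 + pts/3 jclay-root
SU 03/14 09:15 - pts/5 gdodds-root
SU 03/14 09:16 + pts/5 gdodds-root
SU 03/14 10:40 + pts/3 mbianchi-oracle
SU 03/14 11:05 + pts/3 tadamson-root
EOF
}

# su_root_on_tty TTY "MM/DD HH:MM" [FILE]
# Print the original user of the most recent successful su to root on TTY
# at or before the given time. sulog has no year and no session-end record,
# so this is a best guess to compare against a file's modification time.
su_root_on_tty() {
    awk -v tty="$1" -v when="$2" '
        $1 == "SU" && $4 == "+" && $5 == tty && $6 ~ /-root$/ &&
        ($2 " " $3) <= when {
            # strip the trailing "-root"; the login name itself may contain "-"
            who = substr($6, 1, length($6) - 5)
        }
        END { if (who != "") print who }
    ' "${3:-/var/adm/sulog}"
}

# su_root_failures [FILE]
# List failed attempts to su to root as: date time tty original-user
su_root_failures() {
    awk '$1 == "SU" && $4 == "-" && $6 ~ /-root$/ {
        print $2, $3, $5, substr($6, 1, length($6) - 5)
    }' "${1:-/var/adm/sulog}"
}
```

The tty and time to look up can come from `ls -l` on a changed file together with `who` or `last` output for the same period.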
Chris Wilshaw
Honored Contributor

Re: su and monitoring access

James,

The following link may help - it mentions an option to allow you to keep existing environment variables when using su

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xcb2a16515c36ba48b0ba840e6d90bb89,00.html

I'm not sure which variables it will retain, but it's worth checking out.

Chris
Massimo Bianchi
Honored Contributor

Re: su and monitoring access

I suggest you change the history file:

use this:

export HISTFILE=$HOME/.sh_history`tty|tr / _`_`date | tr " " _`

This way you have a different history for each user, because they do the su from different pty and at different times.

Joining this with syslog you can track all down.

Or you can enable auditing, but this is very heavy...

Massimo
Nat Guyton
Advisor

Re: su and monitoring access

You're looking for "sudo" functionality... http://www.courtesan.com/sudo/
Never underestimate the bandwidth of a station wagon filled with backup tapes
Tim Adamson_1
Honored Contributor

Re: su and monitoring access

Hi,

There are several products available that allow you to do this type of thing.

sudo is the one that springs to mind, although I have also seen qsu and su2 at other sites.

You should be able to establish a .sh_history_root_ when the users obtain root privileges. Of course you will need to set this up yourself. No such thing as a free lunch :-)


Tim
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.