HPE Community
Operating System - HP-UX
1847902 Members
4328 Online
104021 Solutions
New Discussion

su log

 
Indrasen
Occasional Advisor

‎08-03-2009 05:53 AM

‎08-03-2009 05:53 AM

su log

Hi
I am a newbie to unix world and into security. can someone please help me with the below log.

Jul 24 11:55:50 su: - 8 username
Jul 24 12:12:40 su: - 10 username
Jul 26 11:15:32 su: - 7 username

I understand these are failed logins but what does that number (8,10,7) indicate??

Thanks for helping.
-Indra
0 Kudos
12 REPLIES 12
SoorajCleris
Honored Contributor

‎08-03-2009 06:05 AM

‎08-03-2009 06:05 AM

Re: su log

Hi Indra,

Its your terminal number from which it tried.
And the "-" shows that it is failed.

Regards,
Sooraj
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
0 Kudos
Steven E. Protter
Exalted Contributor

‎08-03-2009 06:06 AM

‎08-03-2009 06:06 AM

Re: su log

Shalom,

Number of logins using su

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Indrasen
Occasional Advisor

‎08-03-2009 06:10 AM

‎08-03-2009 06:10 AM

Re: su log

Hi Steve (SEP),

If they are the number of logins of su, do you think any one tried to login using a tool? coz manually 8 or 10 times is not possible within a second.

-Indra
0 Kudos
Pete Randall
Outstanding Contributor

‎08-03-2009 06:12 AM

‎08-03-2009 06:12 AM

Re: su log

I love it when you get such authoritative yet contradicting answers. Judging from the contents of my sulog, I would go with terminal number as a good guess:

SU 06/27 13:26 + ttyp2 root-informix
SU 07/08 11:53 + 2 tmr-root
SU 07/13 14:48 + 6 tmr-root
SU 07/16 12:43 + 2 tmr-root
SU 07/20 06:10 + ttyp1 root-jlp
SU 07/20 06:13 + ttyp8 root-jlp


Pete

Pete
0 Kudos
SoorajCleris
Honored Contributor

‎08-03-2009 06:19 AM

‎08-03-2009 06:19 AM

Re: su log

Hi Indra,

Which is this OS?

Regards,
Sooraj
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
0 Kudos
Indrasen
Occasional Advisor

‎08-03-2009 06:20 AM

‎08-03-2009 06:20 AM

Re: su log

its HPUX
0 Kudos
SoorajCleris
Honored Contributor

‎08-03-2009 06:34 AM

‎08-03-2009 06:34 AM

Re: su log

Hi,

Which version?

Regards,
Sooraj
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
0 Kudos
Indrasen
Occasional Advisor

‎08-03-2009 06:56 AM

‎08-03-2009 06:56 AM

Re: su log

11.11 missed to mention it before
0 Kudos
SoorajCleris
Honored Contributor

‎08-03-2009 08:05 AM

‎08-03-2009 08:05 AM

Re: su log

Hi ,

It is the terminal number from which it tried to login.

You may see the manpage here
http://docs.sun.com/app/docs/doc/816-5174/sulog-4?a=view ( SUN - but same format followed in HPUX also)

Here is the output from my servers,

11.11
-----------
-----------
hrprd2# tail -f sulog
SU 08/02 18:09 + tty?? root-naredlv
SU 08/02 18:09 + tty?? root-naredlv
SU 08/02 18:09 + tty?? root-nareshp
SU 08/02 18:09 + tty?? root-nareshp
SU 08/03 00:00 + 0 vbinees-root
SU 08/03 05:01 + ta KumarS3-root
SU 08/03 05:42 + ta KumarS3-root
SU 08/03 06:04 + ta lkumar-root
SU 08/03 06:36 + ta lkumar-root
SU 08/03 08:58 + ta lkumar-root





11.23
============
# cat /var/adm/sulog
SU 08/02 22:36 + tty?? root-sfmdb
SU 08/02 22:36 + ttyp1 root-root
SU 08/03 10:18 + ta root-sooraj
SU 08/03 10:18 + ta root-root


Regards,
Sooraj
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
0 Kudos
SoorajCleris
Honored Contributor

‎08-03-2009 07:06 PM

‎08-03-2009 07:06 PM

Re: su log

Hi,

You may assign some points if your question is answered . :)

Thank you
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity" - Dennis Ritchie
0 Kudos
Indrasen
Occasional Advisor

‎08-03-2009 11:40 PM

‎08-03-2009 11:40 PM

Re: su log

thanks all for your replies. i see that the number is a interface/terminal in the definition of the log in one of the log managament tool.
0 Kudos
Indrasen
Occasional Advisor

‎08-03-2009 11:43 PM

‎08-03-2009 11:43 PM

Re: su log

I found the log description in one of the log management tool and other members also in the same page.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.