Solaris

Hi,

At our site(O.S Solaris 5.9) we have disabled the root login and also su . In place of this we have a root equivalent id eg:boss which is basically a copy of ur /usr/bin/su. Now in order to maintain an audit trail of the activities and to restrict root login we have enabled the access of this id only through 1 single id i.e rootload and enabled audit trail using the script command which has been added in the .profile at the very end as detailed below

### CODE START
#CHECK FOR ROOT LOGIN
a=`who -m|cut -c1-5`

if [ "$a" != 'rootload' ]
then
echo "SORRY ! YOU ARE NOT AUTHORISED TO LOGIN "
exit
else
script -a /home/rootload/rootlog/rootlog_`date +"DATE:%d%m%y_TIME:%H%M"`
fi
exit
## CODE END

Now I face 2 problems

i) If I logonto root just using command boss then the .profile does not execute and hence the root login restirctions and audit trail are not applicable.
ii) If I logon to root using boss - , then the .profile is executed and audit trail and root log audit trail are avalaible but when i exit out using exit command then the processes whihc are started with the root equivalent id are killed or exited out.

Please let me know if there are any solutions to overcome these 2 problems and still satisfy my requirements

Regds,
Jobby

That's a normal behaviour. If you don't use "-", the user profile won't be loaded, so your code won't be executed. You could "enclose" boss into a script that logs every execution of itself instead.

That's also usual. I would use "nohup" with those commands so that they're not finished when you logout.

One more thing. You may want to put the code inside /etc/profile instead, so that the user won't be able to change its profile and avoid your audit. You may also "trap" CTRL+C.

Regards.

script is not a suitable auditing mechanism, you should use Solaris auditing instead. If you want to audit shell activity take a look at this page.

The manual navigation is the only drawback I find in Unix--though it is the most secured OS IMO.