02-22-2002
Telneting in as ROOT is NO NO
From your posting you want to track users who are logging in as Root and what they are doing.
Easiest way is to block root from telneting in from remote connections. Force the users to login as themselves and then "su" over to root. You can then log all su attempts (successful and un-successful) and track the people backwards across the servers.
Basic Security rule is to only allow Root to login from the Console Terminal physically located at the server.
10 More Discussions You Might Find Interesting
1. IP Networking
hi everybody ,
i have a solaris 5.6 box and i want to trace the route on an ip i treid traceroute but soalris 5.6 does not support it ...
is there a command that can be used equivelent to traceroute ?
thanks for your help (2 Replies)
Discussion started by: ppass
2 Replies
2. Shell Programming and Scripting
Does anyone know if there is a util out there to run through a shell script and be able to trace the function call tree. I have inherited some code and the original author was ****mad**** keen on functions - even ones called only once!
If anyone knows of anything I would appreciate it - web... (3 Replies)
Discussion started by: ajcannon
3 Replies
3. UNIX for Dummies Questions & Answers
Can someone help me with commands to trace DHCP on an HP_UX box?
Thanks! (0 Replies)
Discussion started by: nuGuy
0 Replies
4. HP-UX
Hi,
Last day, In one of our unix boxes there was an issue wherein few of the directory structures were missing / got deleted.
Is there any way by which we can find how it happened, I mean by going through syslog / which user had run what command?
Thanks for your help (3 Replies)
Discussion started by: vivek_damodaran
3 Replies
5. HP-UX
on HP-Unix how can i trace user for example "xxx999" ? (4 Replies)
Discussion started by: salhoub
4 Replies
6. Shell Programming and Scripting
Hi
I am working in ksh and getting the trace after trying to remove the file which in some cases does not exist:
$ my_script
loadfirm.dta.master: No such file or directory
The code inside the script which produces this trace is the following:
] || rm ${FILE}.master >> /dev/null
for... (3 Replies)
Discussion started by: aoussenko
3 Replies
7. Solaris
Hi
I would like to display only error messages from my log files while monotring application on my solaris box using tail command.
Is there other way we can monitor please let me know?
In general # tail -f "xyz.log' ---> this will display current activity of the logs, instead i would like... (4 Replies)
Discussion started by: gkrishnag
4 Replies
8. UNIX for Dummies Questions & Answers
Hi,
I am an oracle DBA pretty new to unix. We had one of the filesystems full and a colleague cleared some stuffs to create more space. I just checked now and found there is now more space available. How do i find exactly what he cleared? We have oracle database installed and its a RAC... (4 Replies)
Discussion started by: dollypee
4 Replies
9. Shell Programming and Scripting
Hi All
Thought it would be kind of fun to implement a stack trace for a shell script that calls functions within a sub shell. This is for bash under Linux and probably not portable -
#! /bin/bash
error_exit()
{
echo "======================="
echo $1
echo... (4 Replies)
Discussion started by: steadyonabix
4 Replies
10. AIX
Hi,
is it possible to trace everything about user that changes from its own user to root user, failed and successful attempts (I would need user and IP address of user that was trying to do that)?
I tried adding auth.notice and auth.info in syslog.conf but it only tracks user withoud IP... (6 Replies)
Discussion started by: sprehodec
6 Replies
LEARN ABOUT SUSE
pam_nologin
PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8)
NAME
pam_nologin - Prevent non-root users from login
SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok]
DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system when /etc/nologin exists. The contents of the /etc/nologin
file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.
OPTIONS
file=/path/nologin
Use this file instead the default /etc/nologin.
successok
Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
MODULE TYPES PROVIDED
The auth and acct module types are provided.
RETURN VALUES
PAM_AUTH_ERR
The user is not root and /etc/nologin exists, so the user is not permitted to log in.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
This is the default return value.
PAM_SUCCESS
Success: either the user is root or the /etc/nologin file does not exist.
PAM_USER_UNKNOWN
User not known to the underlying authentication module.
EXAMPLES
The suggested usage for /etc/pam.d/login is:
auth required pam_nologin.so
NOTES
In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any
sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return
PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin
module succeeded.
SEE ALSO
nologin(5), pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.
Linux-PAM Manual 04/01/2010 PAM_NOLOGIN(8)