Full Discussion: su
Top Forums UNIX for Dummies Questions & Answers su Post 17470 by rwb1959 on Friday 15th of March 2002 02:22:58 PM
You didn't mention what "flavor" of UNIX. Different UNIX systems utilize log files in different locations and with different names. The log file structure on Solaris 7 is...

All successful and unsuccessful su attempts are logged to /var/adm/sulog. Keeping track of who is using the su command, specifically who is attempting to su to root, is critical for successful security monitoring.

To log failed login attempts Solaris uses /var/adm/loginlog. This file must be created manually, be owned by root and group sys, and must have the permissions of 600. Log entries will be created after five failed login attempts by default.

The last command monitors who is logged into your systems, and when, and from where. Its information is logged to the /var/adm/wtmpx file. This file is stored in binary format and the last command must be used to read the file.

System events, including software and hardware events, are logged into the /var/adm/messages file. These include hardware errors, Operating System errors, and security related messages. These messages could be generated from successful and failed logins, connections from TCP-Wrappers, su attempts, and from sshd.

sulog(4)                          File Formats                         sulog(4)

NAME
     sulog - su command log file

SYNOPSIS
     /var/adm/sulog

DESCRIPTION
     The sulog file is a record of all attempts by users on the system to
     execute the su(1M) command. Each time su(1M) is executed, an entry is
     added to the sulog file. Each entry in the sulog file is a single line
     of the form:

          SU date time result port user-newuser

     where

     date      The month and date su(1M) was executed. date is displayed
               in the form mm/dd where mm is the month number and dd is
               the day number in the month.

     time      The time su(1M) was executed. time is displayed in the form
               HH/MM where HH is the hour number (24 hour system) and MM
               is the minute number.

     result    The result of the su(1M) command. A ` + ' sign is displayed
               in this field if the su attempt was successful; otherwise
               a ` - ' sign is displayed.

     port      The name of the terminal device from which su(1M) was
               executed.

     user      The user id of the user executing the su(1M) command.

     newuser   The user id being switched to with su(1M).

EXAMPLES
     Example 1: A sample sulog file.

     Here is a sample sulog file:

          SU 02/25 09:29 + console root-sys
          SU 02/25 09:32 + pts/3 user1-root
          SU 03/02 08:03 + pts/5 user1-root
          SU 03/03 08:19 + pts/5 user1-root
          SU 03/09 14:24 - pts/5 guest3-root
          SU 03/09 14:24 - pts/5 guest3-root
          SU 03/14 08:31 + pts/4 user1-root

FILES
     /var/adm/sulog       su log file

     /etc/default/su      contains the default location of sulog

SEE ALSO
     su(1M)

SunOS 5.10                        6 Jun 1994                           sulog(4)
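As an added example that is not part of the original post or the Solaris man page, the following POSIX shell/awk script parses a file in the sulog(4) format above and pulls out the part the post calls critical: who is attempting to su to root and failing. The sample log is constructed from the man page example, and the script assumes usernames contain no "-" (the separator between user and newuser in the last field).

```sh
#!/bin/sh
# Added example (not from the original post): summarise a sulog(4)-format
# file for su-to-root activity. Field layout per sulog(4):
#   SU date time result port user-newuser
# Assumes usernames contain no "-" (it separates user from newuser).

# Constructed sample log modelled on the man page example; not a real log.
SAMPLE_SULOG='SU 02/25 09:29 + console root-sys
SU 02/25 09:32 + pts/3 user1-root
SU 03/02 08:03 + pts/5 user1-root
SU 03/09 14:24 - pts/5 guest3-root
SU 03/09 14:24 - pts/5 guest3-root
SU 03/14 08:31 + pts/4 user1-root'

# List every failed su attempt whose target was root: "date time port user".
failed_su_to_root() {
    awk '$1 == "SU" && $4 == "-" {
             split($6, u, "-")
             if (u[2] == "root") print $2, $3, $5, u[1]
         }' "$1"
}

# Count failed su-to-root attempts per originating user, most frequent first.
failed_counts_by_user() {
    awk '$1 == "SU" && $4 == "-" {
             split($6, u, "-")
             if (u[2] == "root") c[u[1]]++
         }
         END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Print users whose failed su-to-root count reaches the threshold in $2;
# repeated failures from one account are the pattern worth alerting on.
users_over_threshold() {
    failed_counts_by_user "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Stand-alone demonstration against the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_SULOG" > "$tmp"
    echo "Failed su to root:";        failed_su_to_root "$tmp"
    echo "Failures per user:";        failed_counts_by_user "$tmp"
    echo "Users at/over 2 failures:"; users_over_threshold "$tmp" 2
    rm -f "$tmp"
}

demo
```

On a real system, point the functions at /var/adm/sulog instead of the temporary file.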