Post 302380442 by sebastia.net on Tuesday 15th of December 2009 07:47:19 AM
how to trace kbd entries after "su -"

Hello all.

In my organization, users access the Host using Putty.
And the root login is disabled, so users enter as low-privilege users.

Sometimes, they need to enter the "root" account,
and we want to monitor what they do after this point.

I have been told that a keyboard trace can be activated
when this remote user uses "SU -" to continue as ROOT.

Can you tell me how it is done?
Thanks a lot. Sebastian.
 

FAILLOG(8)                System Manager's Manual                FAILLOG(8)

NAME
       faillog - examine faillog and set login failure limits

SYNOPSIS
       faillog [-u login-name] [-a] [-t days] [-m max] [-pr]

DESCRIPTION
       faillog formats the contents of the failure log, /var/log/faillog, and maintains failure counts and limits. The order of the arguments to faillog is significant. Each argument is processed immediately in the order given.

       The -p flag causes failure entries to be printed in UID order. Entering -u login-name flag will cause the failure record for login-name only to be printed. Entering -t days will cause only the failures more recent than days to be printed. The -t flag overrides the use of -u. The -a flag causes all users to be selected. When used with the -p flag, this option selects all users who have ever had a login failure. It is meaningless with the -r flag.

       The -r flag is used to reset the count of login failures. Write access to /var/log/faillog is required for this option. Entering -u login-name will cause only the failure count for login-name to be reset.

       The -m flag is used to set the maximum number of login failures before the account is disabled. Write access to /var/log/faillog is required for this option. Entering -m max will cause all accounts to be disabled after max failed logins occur. This may be modified with -u login-name to limit this function to login-name only. Selecting a max value of 0 has the effect of not placing a limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.

       Options may be combined in virtually any fashion. Each -p, -r, and -m option will cause immediate execution using any -u or -t modifier.

CAVEATS
       faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.

       Some systems may replace /var/log with /var/adm or /usr/adm.

FILES
       /var/log/faillog - failure logging file

SEE ALSO
       login(1), faillog(5)

AUTHOR
       Julianne Frances Haugh (jockgrrl@ix.netcom.com)
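
The order dependence described under DESCRIPTION, shown as an added example (not part of the man page or of the shadow suite): a dry-run shell function that reports which accounts each -m or -r would act on and what limit root ends up with. `faillog_plan` is a hypothetical name, the model assumes -a cancels an earlier -u, and it never reads or writes /var/log/faillog.

```shell
#!/bin/sh
# Dry-run model of the option handling described in DESCRIPTION above.
# Options are processed left to right; -m and -r act immediately on
# whatever -u has selected so far. Nothing here touches /var/log/faillog.
# faillog_plan is a hypothetical helper, not part of the shadow suite.
# Assumption of this model: -a cancels an earlier -u.

faillog_plan() (
    user=""                 # empty = all accounts
    root_max="unchanged"    # limit root ends up with after this command
    OPTIND=1
    while getopts "u:at:m:pr" opt; do
        case "$opt" in
            u) user=$OPTARG ;;
            a) user="" ;;
            m) echo "set max=$OPTARG for ${user:-all accounts}"
               case "$user" in ""|root) root_max=$OPTARG ;; esac ;;
            r) echo "reset count for ${user:-all accounts}" ;;
            t|p) ;;         # read-only options, not modelled here
            *) exit 2 ;;
        esac
    done
    # The page says root's maximum should always be 0.
    case "$root_max" in
        unchanged) echo "root max: unchanged" ;;
        0)         echo "root max: 0 (no limit)" ;;
        *)         echo "root max: $root_max (root can be locked out)" ;;
    esac
)

# Constructed command lines, not taken from the page:
faillog_plan -m 3 -u alice        # -u arrives too late: limit hits everyone
faillog_plan -u alice -m 3        # limit applies to alice only
faillog_plan -m 3 -u root -m 0    # site-wide limit, then root exempted
```
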