04-05-2011
On modern GNU/Linux distributions, su information is logged via the PAM stack (/etc/pam.d) module pam_unix.so to /var/log/secure.
6 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
the sulog file on solaris does not record the user's attempts.
do i have to delete and create a new one or there is a better way?
in addition on the current sulog file is shown the month/day of the user's attempt but
i like to see the year also. there is a way to see the year or more... (2 Replies)
Discussion started by: grep
2 Replies
2. Solaris
Hi All,
I need to get last 7 days log entries from sulog. The same has to be done for the last command.
for ex: when i search for a user "abc" in sulog, i only want to check his entries for the last 1 week.
The same has to be done for last command.
Can anyone suggest some tips.
... (0 Replies)
Discussion started by: navdeepan
0 Replies
3. AIX
I just wrote a very small script that improves readability on system sulog. The problem with all sulog is there is lack of clarity whether the info you are looking at is the most current. So if you just need a simple soution instead of going thru the trouble of writing a script that rotate logs and... (0 Replies)
Discussion started by: sparcguy
0 Replies
4. Solaris
Hi,
more than one user login the our solaris 10 systems with same user account by using ssh connection. i wanna see ip or hostname information of them on sulog instead of it's terminal number. is this possible?
current sulog is like that
SU 02/06 08:59 + pts/1 operation-vuser
SU 02/07 14:27... (1 Reply)
Discussion started by: sdkbjk
1 Replies
5. Solaris
Hi,
I would like to know is there any way to capture the year in /var/adm/sulog file in solaris 10?
Please suggest (2 Replies)
Discussion started by: manoj.solaris
2 Replies
6. AIX
Hi,
I need to grant read permission to a normal user on sulog file on AIX 6.1.
As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies
LEARN ABOUT CENTOS
pam_loginuid
PAM_LOGINUID(8) Linux-PAM Manual PAM_LOGINUID(8)
NAME
pam_loginuid - Record user's login uid to the process attribute
SYNOPSIS
pam_loginuid.so [require_auditd]
DESCRIPTION
The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to
be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There
are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the
purpose by changing the loginuid to the account they just switched to.
OPTIONS
require_auditd
This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running.
MODULE TYPES PROVIDED
Only the session module type is provided.
RETURN VALUES
PAM_SESSION_ERR
An error occurred during session management.
EXAMPLES
#%PAM-1.0
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
SEE ALSO
pam.conf(5), pam.d(5), pam(8), auditctl(8), auditd(8)
AUTHOR
pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>
Linux-PAM Manual 09/19/2013 PAM_LOGINUID(8)