Full Discussion: Trace su to root
Operating Systems AIX Trace su to root Post 302843366 by sprehodec on Tuesday 13th of August 2013 03:03:13 AM

Hi,

Is it possible to trace everything about a user that changes from their own user to the root user, failed and successful attempts (I would need the user and IP address of the user that was trying to do that)?

I tried adding auth.notice and auth.info in syslog.conf, but it only tracks the user without the IP address, and I would need more information about the user that tried to switch to the root user.

Thanks in advance
 
