Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Log Review- SU
Special Forums Cybersecurity Log Review- SU Post 302955438 by zaxxon on Thursday 17th of September 2015 10:31:12 AM
Old 09-17-2015
Repetitive failed tries could be a hint for some unusual behaviour.

Else you might go look up this log when something bad has happened already to get a clue afterwards who might have been it.

If this is not enough and you are looking for some more information, which commands have been issued by whom etc., you might want to have a look at an auditing suite.
Maybe auditd is available for your Linux distribution.
 

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Where can I review the source code?

A very n00b question: After compiling and installing software, where does the original source code reside? I'd like to study the source code of some of the ports I've installed. Thanks! :D (1 Reply)
Discussion started by: Aaron Van
1 Replies

2. Shell Programming and Scripting

Please, review script.

Hi guys, I 've been brewing this shellscript, but I can't test it until next tuesday. In the meantime I am too curious wether it will work or not, so I'd like to hear your comments. Background: I want to watch the user quota for mailboxes in various email-domains on a IMAP-server. I have... (1 Reply)
Discussion started by: algernonz
1 Replies

3. Solaris

please review this cron syntax

Dears if i want to run this job every Saturday at 6 AM that will be the code * 6 * * 1 cd /export/home/jenova ; ls -ltr >> $HOME/jenova_dir (2 Replies)
Discussion started by: jenovaux
2 Replies

4. Post Here to Contact Site Administrators and Moderators

Please review this thread wrt o/p

https://www.unix.com/unix-dummies-questions-answers/117633-top-output-specific-process-file-2.html (2 Replies)
Discussion started by: methyl
2 Replies

5. IP Networking

Netsat output-Please review

Hello, Please review the output below and suggest if you notice the parameters going out of limit. netstat -p udp udp: 382735172 datagrams received 0 incomplete headers 0 bad data length fields 0 bad checksums 12519 dropped due to no socket ... (2 Replies)
Discussion started by: Vishal_dba
2 Replies

LEARN ABOUT SUNOS

sulog

sulog(4)							   File Formats 							  sulog(4)

NAME

       sulog - su command log file

SYNOPSIS

       /var/adm/sulog

DESCRIPTION

       The  sulog file is a record of all attempts by users on the system  to execute the su(1M) command.  Each time  su(1M) is executed, an entry
       is added to the sulog file.

       Each entry in the sulog file is a single line of the form:

	      SU date time
	      result port user-newuser

       where

       date	       The month and date su(1M) was executed.	date is displayed in the form  mm/dd where  mm is the month number and dd  is  the
		       day number in the month.

       time	       The  time   su(1M) was executed. time is displayed in the form  HH/MM where  HH is the hour number (24 hour system) and	MM
		       is the minute number.

       result	       The result of the  su(1M) command.  A ` + ' sign is displayed in this field if the su attempt was successful; otherwise	 a
		       ` - ' sign is displayed.

       port	       The name of the terminal device from which  su(1M) was executed.

       user	       The user id of the user executing the  su(1M) command.

       newuser	       The user id being switched to with  su(1M).

EXAMPLES

       Example 1: A sample sulog file.

       Here is a sample sulog file:

       SU 02/25 09:29 + console root-sys
       SU 02/25 09:32 + pts/3 user1-root
       SU 03/02 08:03 + pts/5 user1-root
       SU 03/03 08:19 + pts/5 user1-root
       SU 03/09 14:24 - pts/5 guest3-root
       SU 03/09 14:24 - pts/5 guest3-root
       SU 03/14 08:31 + pts/4 user1-root

FILES

       /var/adm/sulog	       su log file

       /etc/default/su	       contains the default location of  sulog

SEE ALSO

       su(1M)

SunOS 5.10							    6 Jun 1994								  sulog(4)
All times are GMT -4. The time now is 12:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy