05-23-2012
I cannot speak to AIX; however, WinSCP is a client tool I have used to access Solaris and Linux systems. You can have users enable activity logging in WinSCP, but you cannot enforce it without setting up group policies. To my knowledge you cannot execute the SU command in the GUI, but you can in the terminal (either the built-in or by linking to PuTTY).
So... question for you... are your users using their own credentials to access the server, then using SU through the terminal session to get elevated privileges? If so, then your logging should catch their activity. Alternately, are the users using the elevated accounts (i.e. root) in the GUI to access the server directly? If so, you will not see who is using the root account, only that the root account took some action.
One way to overcome this is to remove login capability from all elevated accounts and force users to log in with their own accounts, then SU to the elevated accounts. Many admins would consider this a safer approach anyway.
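The difference described in the post above shows up directly in the logs. The following is an added example, not part of the original post: it separates elevated-account activity that can be traced to a person (su sessions) from direct logins that cannot. The log lines are constructed and assume the Linux OpenSSH/PAM syslog format; AIX and Solaris record su activity in different files and formats. The function name `audit` and the sample hosts and users are hypothetical.

```python
import re

# Constructed sample lines in the Linux OpenSSH / PAM syslog style (assumption).
SAMPLE_LOG = """\
May 23 10:01:12 host1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
May 23 10:02:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1001)
May 23 10:05:03 host1 sshd[2144]: Accepted password for root from 192.0.2.11 port 50340 ssh2
May 23 10:07:19 host1 su: pam_unix(su-l:session): session opened for user root(uid=0) by bob(uid=1002)
May 23 10:09:55 host1 sshd[2190]: Accepted publickey for oracle from 192.0.2.12 port 50411 ssh2
"""

# Direct SSH/SFTP login: only the account name and source address are recorded.
SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
# su session: both the target account and the invoking user are recorded.
# Newer PAM versions append "(uid=N)" to the target user, older ones do not.
SU_OPEN = re.compile(
    r"pam_unix\(su(?:-l)?:session\): session opened for user "
    r"([\w.-]+)(?:\(uid=\d+\))? by ([\w.-]+)\(uid=\d+\)"
)

def audit(log_text, elevated=("root",)):
    """Return (attributed, unattributed) events for the elevated accounts.

    attributed:   (invoking_user, elevated_account) pairs from su sessions
    unattributed: (elevated_account, source_address) pairs from direct logins
    """
    attributed, unattributed = [], []
    for line in log_text.splitlines():
        m = SU_OPEN.search(line)
        if m:
            if m.group(1) in elevated:
                attributed.append((m.group(2), m.group(1)))
            continue
        m = SSH_LOGIN.search(line)
        if m and m.group(1) in elevated:
            unattributed.append((m.group(1), m.group(2)))
    return attributed, unattributed

if __name__ == "__main__":
    who, unknown = audit(SAMPLE_LOG, elevated=("root", "oracle"))
    for user, account in who:
        print(f"attributable: {user} became {account} via su")
    for account, source in unknown:
        print(f"NOT attributable: direct login as {account} from {source}")
```

Any entry in the second list is a login where only a source address, not a named user, is available to the reviewer.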