Repetitive failed tries could be a hint for some unusual behaviour.
Otherwise, you might look up this log after something bad has already happened, to get a clue as to who might have done it.
If this is not enough and you are looking for more information, such as which commands have been issued by whom, you might want to have a look at an auditing suite.
Maybe auditd is available for your Linux distribution.
Our policy is that every use of su or sudo has to be explained. Just collecting the records and challenging is a good start; however, I added something into /etc/profile that tries to log all the commands too. There are certainly some flaws with it and it depends on people doing su - or su - username to run the profile and therefore be effective, but that has always been the habit here, so I got away with that.
There were various other application-specific things embedded in the code but having stripped that out, I think this might still work:-
You would need to determine the pseudo-terminal as $PTS but the rest gives you a fairly good trace to challenge people with.
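The code the post refers to is not on the page. As an added example (not the poster's script), here is one way a profile hook of this kind can be built for bash, assuming logger(1) and a syslog daemon are available; every function and variable name in it is hypothetical.

```shell
# Added example for /etc/profile or a file in /etc/profile.d/ (names are hypothetical).

# The post's $PTS: turn tty(1) output such as /dev/pts/3 into pts/3.
audit_pts() {
    _t=$(tty 2>/dev/null) || _t=notty
    case "$_t" in
        /dev/*) printf '%s\n' "${_t#/dev/}" ;;
        *)      printf 'notty\n' ;;
    esac
}

# Build one record. Control characters are replaced or dropped so a pasted
# multi-line command cannot forge a second log entry.
# Args: original-login effective-user pts command
audit_format() {
    _cmd=$(printf '%s' "$4" | tr '\n\r\t' '   ' | tr -d '[:cntrl:]')
    printf 'login=%s user=%s tty=%s cmd=%s\n' "$1" "$2" "$3" "$_cmd"
}

# Runs before every prompt (bash only): send the last history entry to syslog.
# Assumes HISTTIMEFORMAT is unset, so "history 1" prints "  NNN  command".
audit_log_last() {
    _last=$(history 1 | sed 's/^ *[0-9]* *//')
    if [ -n "$_last" ]; then
        logger -p auth.notice -t su-audit \
            "$(audit_format "$AUDIT_LOGIN" "$AUDIT_USER" "$AUDIT_PTS" "$_last")"
    fi
}

# logname(1) reports who originally logged in, even after "su -".
AUDIT_LOGIN=$(logname 2>/dev/null || echo unknown)
AUDIT_USER=$(id -un 2>/dev/null || echo unknown)
AUDIT_PTS=$(audit_pts)

# Install the hook only in interactive bash sessions reached through su/sudo,
# i.e. where the login name differs from the current user.
if [ -n "${BASH_VERSION:-}" ] && [ -t 0 ] && [ "$AUDIT_LOGIN" != "$AUDIT_USER" ]; then
    PROMPT_COMMAND=audit_log_last
fi
# Limits: a user can unset PROMPT_COMMAND or start another shell, and "su"
# without "-" never reads this file. Kernel-level auditing (auditd) does not
# depend on the user's shell.
```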