Monitoring SU usage

# 8  
Old 10-02-2007
On FreeBSD as well. A user can't just do "su -"; he has to be a member of the wheel group.
# 9  
Old 10-03-2007

Hi to all who have taken the trouble to respond:

To Porter:
I appreciate your somewhat acerbic remarks about

"Then you either don't comprehend the seriousness or don't care about security.

If you had a bull rampaging in your china shop would you be trying to find the farmer or trying to protect your merchandise?"

Comprehending the seriousness is not an issue - I am well aware of it. The situation is simply that I cannot get *anything* done without being able to produce evidence of malpractice. I work for a *very* big outfit where money - not sense - counts; I am sure we have all seen similar.

I have *no* control over the server admin and even if I could get the root password changed I have reason to believe that the villain is in 'cahoots' with system support and would simply get the relevant info and carry on as before.

I need to find a 'smoking gun'

Thanks to all for your input - any other suggestions will be most appreciated - e.g. is there a way of putting a 'watch' on a file to log access/edit etc.?

Thanks to all again
# 10  
Old 10-03-2007
Finding the smoking gun is hard after "you've been compromised", but I'm sure you've heard of this nice project ... take a look there, install them, then sit back and watch.
# 11  
Old 10-03-2007
Very Interesting


thanks for this - which particular part of the project are you suggesting I install (or *try* to install!)

thanks again
# 12  
Old 10-03-2007
Well TBH, I've never used them before, but I sense you need to monitor user sessions to find out who's doing what. One particular tool might be useful for you; read carefully here: Ryan Barnett - GCFA Practical
# 13  
Old 10-03-2007
Our sys admins have a log which watches which users su to root. They also do not allow direct log on as root making the log more effective. I'll see what I can find out.

# 14  
Old 10-03-2007
Originally Posted by ajcannon
I have *no* control over the server admin and even if I could get the root password changed I have reason to believe that the villain is in 'cahoots' with system support and would simply get the relevant info and carry on as before.
Do you have log file messages saying "xxxx su'ed to root" or similar?

Has the box been properly hardened/locked down/audited?

Have you raised your concerns with management? If not, and there is an intruder, and you knew but said nothing, you could be in worse trouble.

Last edited by porter; 10-03-2007 at 07:09 PM..
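
For the question above about log entries showing who su'ed to root, an added example (not posted by anyone in the thread): a shell function that tallies successful and failed attempts to become root per source account. The two log layouts it parses (System V `sulog` and BSD-style syslog `su:` messages) and every sample line are assumptions constructed for illustration; check them against the logs on your own system.

```shell
#!/bin/sh
# Added example. Assumed line layouts (verify against your own system):
#   System V sulog:  SU MM/DD HH:MM +|- tty fromuser-touser
#   BSD syslog:      <timestamp> <host> su: [BAD SU ]fromuser to touser on <tty>

# Tally su attempts that target root, per source account, from stdin.
su_root_report() {
    awk '
    function tally(user, ok) {
        seen[user] = 1
        if (ok) good[user]++; else bad[user]++
    }
    # sulog: field 4 is "+" (success) or "-" (failure), field 6 is from-to
    $1 == "SU" && NF >= 6 {
        to = $6; sub(/^.*-/, "", to)           # text after the last hyphen
        from = substr($6, 1, length($6) - length(to) - 1)
        if (to == "root" && from != "") tally(from, $4 == "+")
        next
    }
    # syslog: locate the "su:" or "su[pid]:" tag, then read what follows it
    {
        for (i = 1; i <= NF; i++) if ($i ~ /^su(\[[0-9]+\])?:$/) break
        if (i > NF) next
        ok = 1; j = i + 1
        if ($j == "BAD" && $(j + 1) == "SU") { ok = 0; j += 2 }
        if ($(j + 1) == "to" && $(j + 2) == "root") tally($j, ok)
    }
    END {
        for (u in seen) printf "%s ok=%d fail=%d\n", u, good[u], bad[u]
    }' | LC_ALL=C sort
}

# Constructed sample input, not taken from any real host.
sample_su_log() {
    cat <<'EOF'
SU 10/03 09:14 + pts/3 alice-root
SU 10/03 09:20 - pts/4 bob-root
SU 10/03 09:21 - pts/4 bob-root
SU 10/03 10:02 + pts/5 alice-oracle
Oct  3 11:30:12 host1 su: carol to root on /dev/ttyp2
Oct  3 11:31:40 host1 su: BAD SU bob to root on /dev/ttyp3
EOF
}

sample_su_log | su_root_report
```

On a real host, feed it the log itself, for example `su_root_report < /var/adm/sulog`; the path and the facility su logs to differ between systems.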