Re: Seeing who has su-ed

From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: 03/21/03

  • Next message: Andy Walden: "Re: Seeing who has su-ed"
    Date: Fri, 21 Mar 2003 12:49:08 -0800 (PST)
    From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
    To: "Klotz, Brian" <Brian_Klotz@heald.edu>
    
    

    hi ya

    On Thu, 20 Mar 2003, Klotz, Brian wrote:

    >
    > I teach a Linux basics course and each term I have the problem of students
    > who do an su to become root, then rather than exiting, they su again to go
    > back to their regular account. The trouble is identifying when someone has
    > done this (they usually don't remember). The "who" command only shows login
    > shells (AFAIK) so it does not reveal when someone has su-ed.
    >
    > Does anyone know of a way to list all of the users currently logged in,
    > including when someone has su-ed to become another user?

    root:~# tail -100 /var/log/secure
    ....
    Mar 21 12:45:18 xx su[28280]: Authentication failed for alvin
    Mar 21 12:45:18 xx su[28280]: - pts/24 alvin-alvin
    Mar 21 12:45:23 xx su[28281]: Authentication failed for alvin
    Mar 21 12:45:23 xx su[28281]: - pts/24 alvin-alvin
    Mar 21 12:45:26 xx su[28282]: + pts/24 alvin-alvin

    works for me... tell me time/date that "alvin" su to become others
    and if i su - root ... and i forget the passwd ...

    Mar 21 12:46:53 Guru su[28294]: + pts/24 root-alvin
    Mar 21 12:47:10 Guru su[28352]: Authentication failed for root
    Mar 21 12:47:10 Guru su[28352]: - pts/24 alvin-root

    good for slackware-8.1

    and history to see what they did...

    and run scripts to see all that they typed, even inside vi (?)

    c ya
    alvin


  • Next message: Andy Walden: "Re: Seeing who has su-ed"

    Relevant Pages

    • RE: Seeing who has su-ed
      ... | who do an su to become root, then rather than exiting, they su again ... | shells (AFAIK) so it does not reveal when someone has su-ed. ...
      (Focus-Linux)
    • Re: Seeing who has su-ed
      ... | I teach a Linux basics course and each term I have the problem of students ... | who do an su to become root, then rather than exiting, they su again to go ... That neatly shows the process tree and the users of each process. ...
      (Focus-Linux)
    • Re: Sudo with two users
      ... by a group of competent students. ... > able to get root access on their own, group two, which would be the ... electronically approve/sign each issue/problem they are working. ...
      (comp.os.linux.misc)
    • Re: SUDOERS: how to setup in a school
      ... > I'm teacher of a Linux course, and I'm using Fedora Core 2 to teach ... > to login using ROOT user or a user created with ROOT privileges, ... Grant the students privelege to the contents of this directory. ...
      (comp.os.linux.security)
    • RE: Training Lab Question
      ... maintain a -unique- root, and the students should have that root on their ... Subject: Training Lab Question ... What is the best/safest way to allow the students to run ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)