Re: Seeing who has su-ed
From: J. Rowan (security@jretrading.com)
Date: 03/21/03
- Previous message: Andreas: "Re: Seeing who has su-ed"
- In reply to: Klotz, Brian: "Seeing who has su-ed"
- Next in thread: Cameron Simpson: "Re: Seeing who has su-ed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Mar 2003 21:26:34 +0000 To: "Klotz, Brian" <Brian_Klotz@heald.edu> From: "J. Rowan" <security@jretrading.com>
In message <3E21E53CD30AD947ADD1DDD66934A48591ED51@pocmail.heald.edu>,
"Klotz, Brian" <Brian_Klotz@heald.edu> writes
>
>I teach a Linux basics course and each term I have the problem of students
>who do an su to become root, then rather than exiting, they su again to go
>back to their regular account. The trouble is identifying when someone has
>done this (they usually don't remember). The "who" command only shows login
>shells (AFAIK) so it does not reveal when someone has su-ed.
>
>Does anyone know of a way to list all of the users currently logged in,
>including when someone has su-ed to become another user?
>
Auditing of su use is important and should be built in. Depending
somewhat on your distro, /etc/login.defs should have a section on su
logging. A typical default would direct logging to syslog, but there
should also be an option of specifying a separate logfile for su
activities only. If syslog is used, check /etc/syslog.conf or equivalent
for the destination of auth logs, under Debian the default is
/var/log/auth.log.
-- security@jretrading.com
- Previous message: Andreas: "Re: Seeing who has su-ed"
- In reply to: Klotz, Brian: "Seeing who has su-ed"
- Next in thread: Cameron Simpson: "Re: Seeing who has su-ed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
