• Browse
  • Pages
  • News
  • Labels
  • Attachments
  • Bookmarks
  • Advanced
• Log In
• Sign Up
• Help
  • Help Wiki
  • Contact Wiki Admin
• Report an Issue
  • Report a Wiki Space Issue
  • Report a Site Wide Issue

1. Wikis Home
2. BigAdmin
3. …
4. Tech Tips for Sysadmins
5. Security Administration Tech Tips
6. Security Tech Tip - Monitoring superuser Access (English & Portuguese)

• Log In

Security Tech Tip - Monitoring superuser Access (English & Portuguese)

• Added by CMacWasHere, last edited by CMacWasHere on Apr 02, 2009  (view change)

Comment:

SysAdmin Topics Application Mgmt Automation Availability Backups Boot Process Configuration Databases Desktop Envmts Developer Development Envmts Devices and Periphs Drivers Email [Environmentals] Fault Management Filesystems Firmware Hardware High Performance Computing [Identity Mgmt ] Installation Interoperability Java Deployment LAMP-SAMP [Languages] [Load Balancing] Middleware Migration Monitoring Networking Open Source Operating System Patches and Releases Performance Power Management Release Eng Reliability [Reporting] Servers Security Storage [Time] Tools Troubleshooting Upgrade Virtualization Volume Management Web Technologies Zones

Security Tech Tip in English/Portuguese: Monitoring superuser Access by Nuno Rocha A) (In English) Monitoring superuser Access When the operating system is installed, a superuser is created, with an UID of 0. The usage of the su command is recorded in /var/adm/sulog. To record in the first place you need to do the following. In the file /etc/default/su, uncomment the entry: SULOG=/var/adm/sulog. Save it. The entries look like this: MO 02/18 14:21 + pts/0 nrocha-root TU 02/19 14:45 - pts/0 root-nrocha WE 02/20 19:47 + pts/0 amaria-nrocha The first three columns show the time the event occurred. The fourth column shows a - for failed access and a + for successful access. The fifth column shows which port the access was made from. The last column shows the name of the user who tried to switch users and the switched user. Note: This procedure was tested on the Solaris 10 OS. B) (In Portuguese) Monitorizar acessos de superuser Quando o sistema operativo é instalado, um superuser é criado, com um UID de 0. A utilização do comando su é gravada em /var/adm/sulog. Mas para que isso aconteça, é preciso fazer o seguinte. No ficheiro /etc/default/su, tire o comentário da seguinte linha: SULOG=/var/adm/sulog. Guarde. As entradas têm este aspecto: MO 02/18 14:21 + pts/0 nrocha-root TU 02/19 14:45 - pts/0 root-nrocha WE 02/20 19:47 + pts/0 amaria-nrocha As primeiras três colunas mostram a data da entrada. A quarta coluna mostra um - para acessos falhados e um + acessos conseguidos. A quinta coluna mostra porque porta, o acesso foi feito. A última coluna mostra o utilizador, que tentou mudar de utilizador e o utilizador, para o qual foi mudado. Nota: Este procedimento foi testado no Sistema Operativo Solaris 10.

Labels parameters

Labels

Enter labels to add to this page:

 

Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.