guys tahnks for all ur reply..!!
ghem
On Fri, 12 Nov 1999, Richard Adams wrote:
> On Fri, 12 Nov 1999, Robert Haehnel wrote:
> >No I don't have a script to monitor us of su. However, I think it can be done
> >without too much trouble. Perhaps there are others out there that can provide a
> >starting point for such a script.
>
> Well you dont really need a script, just the follwoing command line
> should get you some results.
>
> cat /var/log/messages | grep su | more
>
> Or let cron do the work from a script and inform you via mail.
> Even doing ./name_of_file once a day will do.
>
> #!/bin/sh
> #
> # Check var/log/messages for the command su and who used it.
> # Change the folowing to YOUR machines mailaddress.
> # Even root@localhost will do.
>
> [EMAIL PROTECTED]
>
> # define the place to look i will use /var/log/messages
>
> placetolook=/var/log/messages
>
> cat $placetolook | grep su | mail $mailaddress
>
> exit 0
>
> >[EMAIL PROTECTED] wrote:
> >
> >> guys thanks for the reply !!
> >>
> >> btw... rw2
> >>
> >> do u have an example of the script ur talking about...
> >> actually we did changing the permission.. but the problem is we cant also
> >> used that command... what permission should i put??
> >>
> >> thanks in advance!!
> >>
> >> ghem
> >>
> >> On 10 Nov 1999 [EMAIL PROTECTED] wrote:
> >>
> >> > Robert Haehnel <[EMAIL PROTECTED]> writes:
> >> >
> >> > > I'm not sure you want to limit use of su. A mere user can use it to switch
> >> > > to other user accts if it is warrented. It is too handy a tool to limit use
> >> > > of it, what you might want to do it work up a script to log who is using it
> >> > > and what accts they are switching to.
> >> > >
> >> > > The best protection against abuse of su is good password administration
> >> > > (especially root passwords).
> >> >
> >> > Yes, but limiting su on heavily trafficed systems is still a good
> >> > thing as it slows an intruders ability to exploit the knowledge they
> >> > have.
> >> >
> >> > Why not just change the permissions on su (or your su wrapper that is
> >> > tracking usage) and make the users you want to allow members of a
> >> > group (e.g. admin, powerusers).
> >> >
> >> > rw2
> >> >
> >> > --
> >> > Logically, life must be possible in the Universe.
> >> > Else you would not be here.
> >> > Assuming you are.
> >> >
> >
> >--
> >
> >Robert B. Haehnel
> >Ice Engineering Research Division
> >Cold Regions Research and Engineering Laboratory
> >72 Lyme Road
> >Hanover, NH 03755-1290
> >
> >Phone: (603)646-4325
> >Fax: (603)646-4477
> >e-mail: [EMAIL PROTECTED]
> >web: http://www.crrel.usace.army.mil
> --
> Regards Richard
> [EMAIL PROTECTED]
> http://people.zeelandnet.nl/pa3gcu/
>
