email when user su's to root
Bill Hillier
billhillier10 at aol.com
Fri Mar 13 17:30:46 UTC 2009
/var/log/secure captures su both successful and failed both equally
important ... but if you want an email you could set up a script to read
the log and trigger on a keyword. Presumably you have tied down the
people who have the ability to su to root (modifying PAM to use the
wheel group)
hope this is useful,
Bill
Marcos Aurelio Rodrigues wrote:
> You can do that using rsyslog or sec and a good regex.
>
>
>
> []s
> Marcos
>
> On Fri, Mar 13, 2009 at 10:43 AM, Anne Moore <diabeticithink at yahoo.com>wrote:
>
>> HI All,
>>
>> Does anyone know how I'd make an automatic email fly off every time a user
>> SU's to root? We're have security issues, and we're needed to track it.
>>
>> Thank you for your assistance with this.
>>
>> Anne
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
More information about the redhat-list
mailing list