email when user su's to root
m.roth2006 at rcn.com
m.roth2006 at rcn.com
Fri Mar 13 21:06:06 UTC 2009
Here's a real question: do you need to know, realtime, when someone's su'ing to root? Would a daily or hourly report work?
And then there's another point: how many people can su to root? They SHOULD NOT BE DOING THAT if they're not the sysadmins. iff (if and only if) some users *really* need to have superuser privileges, they should be sudoing, and in that case, every single command they issue (sudo rm -r /, for example <g>) will be logged to /var/log/secure, and what account the did it from. That might be a *lot* more useful.
In addition, you can limit what commands they can use *with* sudo.
mark
---- Original message ----
>Date: Fri, 13 Mar 2009 16:45:40 -0400
>From: Hike <mh1272 at gmail.com>
>Subject: Re: email when user su's to root
>To: General Red Hat Linux discussion list <redhat-list at redhat.com>
>
>Your authlog shoud have this (or sulog).
>You can use wrapper for su that takes action, also.
>
>On Mar 13, 2009, at 9:43 AM, "Anne Moore" <diabeticithink at yahoo.com>
>wrote:
>
>> HI All,
>>
>> Does anyone know how I'd make an automatic email fly off every time
>> a user
>> SU's to root? We're have security issues, and we're needed to track
>> it.
>>
>> Thank you for your assistance with this.
>>
>> Anne
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list