Monitoring Superuser Access
Introduction
When the operating system is installed, a superuser is created with a UID of 0. Usage of the su command is recorded in /var/adm/sulog.
Configuration
To enable this logging, do the following.
In the file /etc/default/su, uncomment the entry:
|
|
Save it.
The entries look like this (/var/adm/sulog):
|
|
- The first three columns show the time the event occurred.
- The fourth column shows a - for failed access and a + for successful access.
- The fifth column shows which port the access was made from.
- The last column shows the name of the user who ran su and the user they tried to switch to.
Note: This procedure was tested on the Solaris 10 OS.
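As an added example (not part of the original page), the following Python sketch parses sulog entries in the column layout described above and reports users with repeated failed attempts to switch to root. The sample lines are constructed, and the exact field formats (a leading `SU` tag, `MM/DD` date, `HH:MM` time, and a `from-to` user pair) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the column layout described above; not real log data.
SAMPLE_SULOG = """\
SU 02/04 18:20 + console root-oracle
SU 02/04 18:21 - pts/3 alice-root
SU 02/04 18:21 - pts/3 alice-root
SU 02/04 18:22 - pts/3 alice-root
SU 02/04 18:25 + pts/4 bob-root
SU 02/04 18:30 - pts/5 carol-root
garbled line that does not match
"""

# Assumed field formats: tag, date, time, result (+/-), port, from-to users.
LINE_RE = re.compile(
    r"^SU\s+(?P<date>\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<result>[+-])\s+(?P<port>\S+)\s+(?P<users>\S+)$"
)

def parse_sulog(text):
    """Return (entries, rejected): parsed dicts and lines that did not parse."""
    entries, rejected = [], []
    for line in filter(str.strip, text.splitlines()):
        m = LINE_RE.match(line.strip())
        # Split on the last hyphen: assumes the target user name has none.
        source, _, target = m["users"].rpartition("-") if m else ("", "", "")
        if not (source and target):
            rejected.append(line)  # keep unparsable lines for manual review
            continue
        entries.append({"date": m["date"], "time": m["time"],
                        "ok": m["result"] == "+", "port": m["port"],
                        "from": source, "to": target})
    return entries, rejected

def failed_root_attempts(entries, threshold=3):
    """Map each user to their count of failed su-to-root attempts, if >= threshold."""
    counts = Counter(e["from"] for e in entries
                     if not e["ok"] and e["to"] == "root")
    return {user: n for user, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    parsed, bad = parse_sulog(SAMPLE_SULOG)
    print("repeated failures to root:", failed_root_attempts(parsed))
    print("unparsed lines:", bad)
```

Rejected lines are returned rather than dropped, because entries that do not match the expected layout in an audit log are themselves worth reviewing.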
References
https://wikis.sun.com/display/BigAdmin/Security+Administration+Tech+Tips
Last updated 04 Feb 2009, 18:34 +0200.