Hello,
we are serching how to logging into a system log the commands executed
from an userid in " su - " mode to root.
A good record log format is like that obtained using sudo (with log
enabled) :
Jun 30 14:22:16 : it32673 : TTY=pts/1 ; PWD=/home/it32673 ; USER=root ;
COMMAND=/bin/df -h
...where "it32673" is the user that has launched the COMMAND=.
Do you know if there is specific rules of PAM (etc/pam.d/su ?) to do it
(i.e. adding specific call, increasing the debug..) or by setting
system parameter ?
The system already log in /root/.bash_history all the executed cmds
(the same is done for each userid..) an we can set some variable of
history function as for example to write timestamp. Perhaps it must be
still developed, but do you think that it could be possible to rotate
these informations to the "system log", at least for users with UID
0-99 also working in "su " mode ?
os: Linux SLES9 - SLES10
Cordiali saluti / Best regards
Marco Bosisio
IBM Italia S.p.A.
Sede Legale: Circonvallazione Idroscalo - 20090 Segrate (MI)
Cap. Soc. euro 400.001.359
C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153
Società soggetta all?attività di direzione e coordinamento di
International Business Machines Corporation
(Salvo che sia diversamente indicato sopra / Unless stated otherwise
above)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
