No I don't have a script to monitor us of su. However, I think it can be done
without too much trouble. Perhaps there are others out there that can provide a
starting point for such a script.
[EMAIL PROTECTED] wrote:
> guys thanks for the reply !!
>
> btw... rw2
>
> do u have an example of the script ur talking about...
> actually we did changing the permission.. but the problem is we cant also
> used that command... what permission should i put??
>
> thanks in advance!!
>
> ghem
>
> On 10 Nov 1999 [EMAIL PROTECTED] wrote:
>
> > Robert Haehnel <[EMAIL PROTECTED]> writes:
> >
> > > I'm not sure you want to limit use of su. A mere user can use it to switch
> > > to other user accts if it is warrented. It is too handy a tool to limit use
> > > of it, what you might want to do it work up a script to log who is using it
> > > and what accts they are switching to.
> > >
> > > The best protection against abuse of su is good password administration
> > > (especially root passwords).
> >
> > Yes, but limiting su on heavily trafficed systems is still a good
> > thing as it slows an intruders ability to exploit the knowledge they
> > have.
> >
> > Why not just change the permissions on su (or your su wrapper that is
> > tracking usage) and make the users you want to allow members of a
> > group (e.g. admin, powerusers).
> >
> > rw2
> >
> > --
> > Logically, life must be possible in the Universe.
> > Else you would not be here.
> > Assuming you are.
> >
--
Robert B. Haehnel
Ice Engineering Research Division
Cold Regions Research and Engineering Laboratory
72 Lyme Road
Hanover, NH 03755-1290
Phone: (603)646-4325
Fax: (603)646-4477
e-mail: [EMAIL PROTECTED]
web: http://www.crrel.usace.army.mil
