Re: loggin 'su'
Pere Camps wrote: Hi! Is there any way to log with syslog all attepts (good bad) to user 'su' ? TIA! -- p. -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null You might want to disable su and have users use sudo. that logs to syslog. if they really need su they can do: sudo sh to get a root shell. then can su to another user from there. This has the advantage that you need to individually allow each account to use sudo, so no one that you don't specifically let use it can. --Evan -- Evan Van Dyke E-mail: [EMAIL PROTECTED] Page: [EMAIL PROTECTED] ICQ#: 15442232 DNRC's Minister of Lost Internet Packets. O- Amateur Radio Call Sign: KB8PVEElder ResCon at Northwestern GCS/S d+(-) s:+ a--- C UH+I++LS++V P+ L+++ E W++ N++ w-- O- M-- !V PS+ PE+ Y+ PGP t+ 5+++ X+ R+ tv+ b+++ DI D+ g e h !r y- Quoth the Raven... 'Nevermore!' --Edgar Allen Poe I'll bet that all you can do is watch the ball bounce around the screen. --Dilbert to Management
Re: loggin 'su'
Steve, By default all these attempts are logged to the /var/log/auth.log. I suppose that if you wanted to, you could edit the /etc/syslog.conf file and change the log choice for auth,authpriv.* from /var/log/auth.log to /var/log/syslog. The problem was that slink's 'su' doesnt log anything. You have to compile it by yourself. See the other postings in this thread. cu! -- p.
loggin 'su'
Hi! Is there any way to log with syslog all attepts (good bad) to user 'su' ? TIA! -- p.
Re: loggin 'su'
Subject: loggin 'su' Date: Fri, Jun 11, 1999 at 09:28:47AM +0200 In reply to:Pere Camps Quoting Pere Camps([EMAIL PROTECTED]): Hi! Is there any way to log with syslog all attepts (good bad) to user 'su' ? TIA! If you can, it would be in the manual page, right. man syslog.conf. -- User n.: A programmer who will believe anything you tell him. ___ Wayne T. Topa [EMAIL PROTECTED]
Re: loggin 'su'
Wayne, If you can, it would be in the manual page, right. man syslog.conf. I've already looked, but nothing's show. I don't mind if it's not via syslogd. cu! -- p.
Re: loggin 'su'
Is there any way to log with syslog all attepts (good bad) to user 'su' ? If you can, it would be in the manual page, right. man syslog.conf. Actually, in this case it's not in any manpage. There was a behjavior change at the hamm/slink transition- hamm su would log to syslog, slink su would not. I researched this, and discoverd that the issue is some compile-time definitions that the newer su.c files need in order to activate syslog activity. The makefile doens't enable them, so su doesn't do syslog logging. There are some bugs filed against this, but I am not sure what their status is. I have some steps below to fix su. Use caution in following the steps below. Don't blame me if you break something, and be ready to log in on the console in case you break su. T y p e s l o w l y . Here is what I did to fix su: 1) download the appropriate version of the source code for the shellutils package. You need the .orog.tar.gz , the .diff.gz, and the .dsc from the debian server. 2) put these three files in some dir under /usr/src, and cd there. Then run # dpkg-source -x shellutils_VER.dsc This will unpack the tar file and patch it. 2) cd to shellutils-VER and run ./configure cd to src and open su.c in an editor. Add the following three lines at the very top, before the comment: #define SYSLOG_SUCCESS 1 #define SYSLOG_FAILURE 1 #define SYSLOG_NON_ROOT 1 they need to be flush with the left margin. 3) # cd .. # cd lib # make all # cd .. # cd intl # make all # cd .. # cd src # make su # chmod 4755 su # test su until you are happy with it # mv /bin/su /bin/su.debian # chmod 700 /bin/su.debian # cp su /bin # ensure /bin/su still works I suppose you could run debian/rules binary from the top of the source tree to generate a debian package, and then iat, if you don't like to run make by hand. However, this will also remake all the other shellutils, so the compile time will be longer carl