In response to the following request:
! Let's say I want to output any line from the sulog that indicates that a
! user other than root, news or me attempted to su. The format of the sulog
! records is:
! SU 08/05 09:30 + tty02 msi-root
! (awk script was included here)
There was a recent reply:
This contains a very serious bug !!!
> Unless there is more to your awk script than simply writing out the
> offending lines, what's wrong with:
> `egrep -v "root|news|mel" /usr/adm/sulog`
For example, the line:
SU 08/05 09:30 + tty02 pirate-root
would NOT BE FLAGGED because it contains the string 'root' !
A correct egrep command is:
egrep -v 'root-|news-|me-' /usr/adm/sulog
I have this in a shell script that is executed by my login file.
It is run with the setuid attribute because /usr/adm/sulog is not publicly
readable. I am working on a version that would take its userlist from a
file, or perhaps from a group list in /etc/group, but this works fine as is.
John D. McCalpin
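
Added example (not part of the original post): a field-based version of the same filter that compares the originating user exactly rather than by substring, so a record such as `groot-root` or `home-root`, which happens to contain `root-` or `me-`, is still reported. The sample records are constructed, `me` stands in for your own login, and login names are assumed to contain no `-`.

```shell
#!/bin/sh
# Originating users whose su attempts should NOT be reported.
# Assumption: "me" is a stand-in for your own login name.
ALLOWED="root news me"

# flag_su [FILE...]: print sulog records whose originating user is not
# in ALLOWED. Reads standard input when no file is given.
flag_su() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Record layout from the post: SU date time +/- tty from-to
        $1 == "SU" && NF >= 6 {
            # Assumption: login names contain no "-", so the text before
            # the first "-" in the last field is the originating user.
            split($NF, who, "-")
            if (!(who[1] in ok)) print
        }
    ' "$@"
}

# Constructed sample records in the format quoted in the post.
sample_sulog() {
    cat <<'EOF'
SU 08/05 09:30 + tty02 msi-root
SU 08/05 09:31 + tty02 pirate-root
SU 08/05 09:32 - tty03 groot-root
SU 08/05 09:33 + tty01 root-news
SU 08/05 09:34 + tty04 news-root
SU 08/05 09:35 + tty05 me-root
SU 08/05 09:36 - tty06 home-root
EOF
}

# Reports msi, pirate, groot and home; skips root, news and me.
sample_sulog | flag_su
```

To run it against the real log, pass the path as an argument, for example `flag_su /usr/adm/sulog`.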