sulog check

sulog check

Post by John D. McCalp » Thu, 02 Aug 1990 13:36:00

In response to the following request:

!    Let's say I want to output any line from the sulog that indicates that a
! user other than root, news or me attempted to su.  The format of the sulog
! records is:
!     SU 08/05 09:30 + tty02 msi-root
!  (awk script was included here)

There was a recent reply:

Quote:>  Unless there is more to your awk script than simply writing out the
>offending lines, what's wrong with:
>  `egrep -v "root|news|mel" /usr/adm/sulog`

This contains a very serious bug !!!
For example, the line:
     SU 08/05 09:30 + tty02 pirate-root
would NOT BE FLAGGED because it contains the string 'root' !
A correct egrep command is:
        egrep -v 'root-|new-|me-' /usr/adm/sulog

I have this in a shell script that is executed by my login file.
It is run with the setuid attribute because /usr/adm/sulog is not publicly
readable. I am working on a version that would take its userlist from a
file, or perhaps from a group list in /etc/group, but this works fine as is.

John D. McCalpin


1. sulog? WHAT sulog?

    Hmmmm, I keep seeing references to an "sulog", which keeps a record of attempts to su.

Now, that would be a handy thing to have. I run RedHat 6.0 here, and it doesn't DO that.

What do I need to do to get that started, please?

thanks, Ray

Ray R. Jones
The Computer Shop

2. How to get a scroll mouse working in RH8.0??

3. Preventing access to sulog to UID=0 users possible?

4. How do you capture messages at boot time?

5. how to enable sulog on linux ?

6. select()

7. SULOG not working ??????

8. Apache1.3.2 Segmentation Fault

9. Wanted: multiplatform shell script for parsing lastlog and sulog

10. SULOG in new version of SCO

11. limiting ps ; sulog

12. Wanted: multiplatform shell script for parsing lastlog and sulog

13. sulog?