Enable Write Logout On Switch User

Asset ID:	1-71-2137678.1
Update Date:	2016-09-26
Keywords:

Solution Type Technical Instruction Sure

Solution 2137678.1 : Enable Write Logout On Switch User

Applies to:

Oracle SuperCluster T5-8 Hardware - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.

Goal

how to monitor user switch operation through "su" command

Solution

The sulog file lists every use of the switch user (su) command, not only the su attempts that are used to switch from user to root.

The su logging in this file is enabled by default through the following entry in the /etc/default/su file:

SULOG=/var/adm/sulog

Before the start, the root role is mandatory. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Monitor the contents of the /var/adm/sulog file on a regular basis.

  # more /var/adm/sulog
  SU 12/20 16:26 + pts/0 stacey-root
  SU 12/21 10:59 + pts/0 stacey-root
  SU 01/12 11:11 + pts/0 root-rimmer
  SU 01/12 14:56 + pts/0 jdoe-root
  SU 01/12 14:57 + pts/0 jdoe-root

  The entries display the following information:

  The date and time that the command was entered.

  If the attempt was successful. A plus sign (+) indicates a successful attempt. A minus sign (-) indicates an unsuccessful attempt.

  The port from which the command was issued.

  The name of the user and the name of the switched identity.

References

http://docs.oracle.com/cd/E36784_01/html/E36882/sulog-4.html

Attachments

This solution has no attachment