[Gllug] SULOG
David Irvine
co2cool at yahoo.com
Fri Nov 2 02:00:58 UTC 2001
On Thu, 2001-11-01 at 18:01, tet at accucard.com wrote:
>
> >The man page is pretty much empty and the info page mentions syslog
> >but not the sulog. Anyone got any ideas?
>
> A simple solution is to rename your su binary to something hidden
> (e.g., /usr/bin/.foobar), and put a wrapper script in its place
> that logs each attempt to su and then calls the real (hidden) su
> binary.
>
> It's not foolproof, and someone might find the hidden binary either
> by stumbling across it by accident, or by deliberately searching for
> setuid root files on the whole filesystem. But it'll track 99.9% of
> all people using su.
>
You could take that a bit further and write it into the su code so that
anybody who su's would be logged.
HTH
David
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
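The wrapper approach from the quoted message, as an added example that is not part of the original thread. It assumes the real setuid su was renamed to /usr/bin/.foobar (the path used as the example above) and that logger(1) is available; the function names and the `su-wrapper` tag are made up for illustration.

```shell
#!/bin/sh
# Added example: logging wrapper installed in place of /usr/bin/su.
# Assumption: the real setuid binary now lives at the path below.
REAL_SU=/usr/bin/.foobar

# Print the account su would switch to (root by default), skipping options.
# Simplification: only the common argument-taking options are handled.
su_target() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -c|-s|-g|-G|-w) shift ;;   # option with a value: skip the value too
            -*) ;;                      # "-", "-l", "--login", ...
            *) printf '%s\n' "$1"; return 0 ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    printf 'root\n'
}

# Build one log record from caller, terminal and the su arguments.
# Control characters are stripped so a crafted user name cannot inject
# extra lines into the log.
su_log_line() {
    from=$1; term=$2; shift 2
    printf 'su attempt: from=%s to=%s tty=%s' \
        "$from" "$(su_target "$@")" "$term" | tr -d '[:cntrl:]'
}

main() {
    term=$(tty 2>/dev/null) || term=none
    # The kernel ignores the setuid bit on scripts, so this wrapper runs as
    # the caller. Log through syslog rather than a root-owned file, and do
    # not let a logging failure block su itself.
    logger -p auth.notice -t su-wrapper \
        "$(su_log_line "$(id -un)" "$term" "$@")" || true
    exec "$REAL_SU" "$@"
}

# Act as the wrapper only when installed under the name "su".
case "${0##*/}" in
    su) main "$@" ;;
esac
```

Because the record is written by an unprivileged process, it shows who went through the wrapper; anyone who runs the hidden binary directly is not recorded, as the quoted message already points out.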