[Gllug] SULOG

tet at accucard.com
Thu Nov 1 18:01:13 UTC 2001


>The man page is pretty much empty and the info page mentions syslog
>but not the sulog. Anyone got any ideas?

A simple solution is to rename your su binary to something hidden
(e.g., /usr/bin/.foobar), and put a wrapper script in its place
that logs each attempt to su and then calls the real (hidden) su
binary.

It's not foolproof, and someone might find the hidden binary either
by stumbling across it by accident, or by deliberately searching for
setuid root files on the whole filesystem. But it'll track 99.9% of
all people using su.

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
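
The wrapper described in the message above, as an added example that is not part of the original post. It assumes the real su was renamed to /usr/bin/.foobar (the post's example path) and sends the record to syslog with logger(1) instead of a sulog file; the tag su-wrapper and priority auth.notice are choices made here.

```shell
#!/bin/sh
# Logging wrapper to install in place of su (added example, not from the post).
# REAL_SU is the renamed binary; the default is the example path from the post.
REAL_SU="${REAL_SU:-/usr/bin/.foobar}"

# Build one log line from caller, terminal and the su arguments.
# Non-printable characters (newlines included) become '?', so the
# arguments cannot be used to forge additional log lines.
su_log_line() {
    caller=$1; term=$2; shift 2
    args="${*:-}"
    [ -n "$args" ] || args='(none)'
    printf 'su attempt: caller=%s tty=%s args=%s' "$caller" "$term" "$args" |
        LC_ALL=C tr -c '[:print:]' '?'
}

main() {
    term=$(tty 2>/dev/null) || term=none
    line=$(su_log_line "$(id -un)" "$term" "$@")
    # The wrapper is not setuid, so it runs as the caller. Anything it could
    # append to, the caller could also edit; syslog avoids a user-writable file.
    # The entry records the attempt, before su asks for a password.
    logger -p auth.notice -t su-wrapper "$line" || true
    exec "$REAL_SU" "$@"
}

# Run only when installed under the name "su"; under any other file name
# the script just defines the functions.
case ${0##*/} in
    su) main "$@" ;;
esac
```

Forwarding the auth facility to a remote syslog host keeps the record out of reach of anyone who later gains root on the machine.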



