For auditing purposes, it could be useful to know who was switching to the root user or vice versa. You can find this type of information in the /var/adm/sulog file. Here's an example of its output.
# cd /var/adm
# more sulog | more
SU 05/27 22:29 + pts/5 root-esofthub
SU 05/27 22:59 + pts/9 root-topbloglists
SU 05/29 23:45 + pts/6 esofthub-root
SU 05/29 23:46 + pts/6 root-freeadlists
SU 05/29 23:49 + pts/6 root-esofthub
SU 05/30 22:02 + pts/6 root-freeadlists
SU 05/30 22:14 + pts/3 esofthub-root
SU 06/02 19:40 + pts/3 root-esofthub
SU 06/02 19:44 + pts/3 esofthub-root
SU 06/16 23:37 + pts/3 root-esofthub3
SU 06/17 20:57 + pts/8 root-esofthub
SU 06/17 21:12 + pts/8 esofthub-root
SU 06/22 20:31 + pts/7 root-freeadlists
No comments:
Post a Comment