Friday, June 22, 2007

User Switching to root or root Switching to User

For auditing purposes, it is useful to know who switched to the root user, or from root to another user. This information is recorded in the /var/adm/sulog file. Here is an example of its contents.

# cd /var/adm
# more sulog
SU 05/27 22:29 + pts/5 root-esofthub
SU 05/27 22:59 + pts/9 root-topbloglists
SU 05/29 23:45 + pts/6 esofthub-root
SU 05/29 23:46 + pts/6 root-freeadlists
SU 05/29 23:49 + pts/6 root-esofthub
SU 05/30 22:02 + pts/6 root-freeadlists
SU 05/30 22:14 + pts/3 esofthub-root
SU 06/02 19:40 + pts/3 root-esofthub
SU 06/02 19:44 + pts/3 esofthub-root
SU 06/16 23:37 + pts/3 root-esofthub3
SU 06/17 20:57 + pts/8 root-esofthub
SU 06/17 21:12 + pts/8 esofthub-root
SU 06/22 20:31 + pts/7 root-freeadlists
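
An added example, not part of the original post: a small shell/awk filter that reads sulog-format lines and reports every attempt by a non-root user to become root, plus a count of failed attempts. In each entry the flag after the time is `+` for a successful su and `-` for a failed one, and the last field is the source and target account joined by a hyphen. The function names, the `guest` account and the failed-attempt lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Line format: SU MM/DD HH:MM FLAG TTY FROM-TO   (FLAG: + success, - failure)

# Print "date time tty user result" for every non-root attempt to become root.
sulog_to_root() {
    awk '$1 == "SU" && NF == 6 {
        i = index($6, "-")      # assumption: account names contain no hyphen
        if (i == 0) next        # malformed FROM-TO field, skip it
        from = substr($6, 1, i - 1)
        to = substr($6, i + 1)
        if (to != "root" || from == "root") next
        result = "ok"
        if ($4 != "+") result = "FAILED"
        print $2, $3, $5, from, result
    }'
}

# Count failed su attempts (flag "-"), whatever the target account.
sulog_failed_count() {
    awk '$1 == "SU" && NF == 6 && $4 == "-" { n++ } END { print n + 0 }'
}

# Constructed sample: three lines in the format shown above, plus two
# made-up failed attempts by a hypothetical "guest" account.
sample_sulog() {
    cat <<'EOF'
SU 05/29 23:45 + pts/6 esofthub-root
SU 05/29 23:49 + pts/6 root-esofthub
SU 06/01 03:12 - pts/4 guest-root
SU 06/01 03:13 - pts/4 guest-root
SU 06/02 19:44 + pts/3 esofthub-root
EOF
}

sample_sulog | sulog_to_root
echo "failed attempts: `sample_sulog | sulog_failed_count`"
```

Against the live file, the same functions are fed with `sulog_to_root < /var/adm/sulog`.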
