SUMMARY: command auditing in C2
My original question was:
How can I audit logins and su attempts in C2?
Thanks a lot to Steve Butcher (Stephen.S.J.Butcher_at_Warton.mad.bar.eurokom.ie), who answered promptly and right on track!
The following is a transcript of his response:
In directory /var/adm there should be a file called sialog. This file is
not created for you when you install the system. If you 'touch' sialog you
will find that this file will be updated when anyone attempts to 'su'.
Also in directory /var/adm/syslog.dated you should find seven directories.
Each of these directories should have a name that relates to its creation
date and time. For example on one of my machines the contents of this
directory are :-
16-Aug-13:13 18-Aug-13:13 19-Aug-15:28 21-Aug-15:28
17-Aug-13:13 18-Aug-15:28 20-Aug-15:28
In these directories there are various log files which should give you even
more audit details. These logfiles are :-
auth.log kern.log mail.log user.log
daemon.log lpr.log syslog.log
If you wish to keep any of the above logfiles you should move them to
another area as one of the standard crontab entries will remove the oldest
of these directories every day.
Received on Tue Aug 22 1995 - 21:08:03 NZST
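
The two steps from the reply above (create sialog, and keep the dated log directories before the daily cron job removes the oldest) as a shell sketch. This is an added example, not part of the original post. The function names, the archive location and the 600 file mode are assumptions, and it copies rather than moves so that the directory syslogd is still writing to stays in place.

```shell
#!/bin/sh
# Added example. /var/adm/sialog and /var/adm/syslog.dated come from the post;
# the archive directory passed in by the caller is an assumed location.

# Create the sialog file if it is missing so that su attempts get recorded.
# Mode 600 (via umask) is this example's choice; the post does not specify one.
ensure_sialog() {
    log=${1:-/var/adm/sialog}
    [ -e "$log" ] && return 0          # never truncate an existing log
    ( umask 077 && : > "$log" )
}

# Copy every dated directory under SRC into DEST, refreshing copies made on
# earlier runs. Directories already removed from SRC stay in DEST.
# Prints the number of directories copied on this run.
archive_syslog_dated() {
    src=${1:-/var/adm/syslog.dated}
    dest=${2:?archive directory required}
    count=0
    mkdir -p "$dest" || return 1
    for dir in "$src"/*; do
        [ -d "$dir" ] || continue      # skip plain files and an unmatched glob
        name=$(basename "$dir")
        # "dir/." copies the contents, so an existing archive copy is updated
        # in place instead of getting a nested duplicate.
        mkdir -p "$dest/$name" &&
            cp -Rp "$dir/." "$dest/$name/" &&
            count=$((count + 1))
    done
    echo "$count"
}

# Typical use, from root's crontab, scheduled ahead of the standard cleanup entry:
#   ensure_sialog
#   archive_syslog_dated /var/adm/syslog.dated /var/adm/syslog.archive
```

Because each run refreshes the archived copy from the source, the archive area should be writable only by root.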