Hi all!
I have a question about a file in the /var/adm/syslog.dated directory,
auth.log. In this file I find lines such as this:

Mar 12 15:18:13 MissouriEmployers su: SU root on /dev/ttyp5
Mar 12 14:55:09 MissouriEmployers su: SU sspaldin on /dev/ttyq7
Mar 12 14:48:51 MissouriEmployers su: SU sspaldin on /dev/ttyq7
Mar 12 14:48:44 MissouriEmployers su: BADSU sspaldin on /dev/ttyq7
Mar 12 14:48:40 MissouriEmployers su: BADSU sspaldin on /dev/ttyq7

To me, this looks like attempts to log in as root and whether or not the
attempts are successful (SU for successful and BADSU for unsuccessful). I
cannot find any documentation verifying this, so that's why I say that is
what it looks like to me. Can I get anyone to verify this for me, or if
this is truly not what I am looking at, then what is it?
The reason why I am asking this is because if these are attempts to log
in as root that I am seeing, I am going to write a script to notify me on
a daily basis of successful/unsuccessful login attempts as root.
Thanks!
Stephen Spalding
sspaldin_at_mem-ins.com
Missouri Employers Mutual Insurance
Received on Sat Mar 14 1998 - 23:44:29 NZDT
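
A sketch of the kind of daily summary script the post mentions, added here as an example and not part of the original message. It assumes the line layout of the sample entries quoted in the post, reports the name field exactly as logged, and uses a hypothetical helper name, su_summary.

```shell
#!/bin/sh
# Added example (not from the original post): summarise su entries in auth.log.
# Assumed layout, taken from the sample lines in the post:
#   Mon DD HH:MM:SS host su: SU|BADSU name on tty
# The name field is reported exactly as logged.

# su_summary [FILE...]  (hypothetical helper; reads stdin when no file is given)
# Prints totals, per-name counts in first-seen order, then each BADSU entry.
# Exit status is 1 when at least one BADSU entry was seen, 0 otherwise.
su_summary() {
    awk '
    $5 == "su:" && ($6 == "SU" || $6 == "BADSU") && $8 == "on" {
        total[$6]++
        per[$7, $6]++
        if (!($7 in seen)) { seen[$7] = 1; order[++n] = $7 }
        if ($6 == "BADSU")
            bad[++nbad] = $1 " " $2 " " $3 " " $7 " " $9
    }
    END {
        printf "total SU=%d BADSU=%d\n", total["SU"], total["BADSU"]
        for (i = 1; i <= n; i++)
            printf "name=%s SU=%d BADSU=%d\n", order[i], per[order[i], "SU"], per[order[i], "BADSU"]
        for (i = 1; i <= nbad; i++)
            print "BADSU " bad[i]
        exit (nbad > 0)
    }' "$@"
}

# Example cron usage (the log path is a placeholder):
#   su_summary /path/to/auth.log | mail -s "su report" root
```

Lines that do not match the assumed layout are skipped, so other messages in the same file do not affect the counts.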