LinuxQuestions.org - Can I log SU attemtps in RedHat ES4?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Can I log SU attemtps in RedHat ES4? (https://www.linuxquestions.org/questions/linux-security-4/can-i-log-su-attemtps-in-redhat-es4-682908/)

seansolina

11-12-2008 09:57 AM

Can I log SU attemtps in RedHat ES4?

Are the SU attemtps logged in RedHat ES4? Can I enable logging? Where does it log to?

TB0ne

11-12-2008 11:23 AM

Quote:

Originally Posted by seansolina (Post 3339567)

Are the SU attemtps logged in RedHat ES4? Can I enable logging? Where does it log to?

They can be logged. Logging is controlled via the /etc/syslog.conf file (could be syslog-ng.conf, too..). You can send all events to one file, or to different files, depending on the event level. LOTS of info on setting up syslog, too much to go into here, but easily found on Google. It can log anywhere you tell it to.

anomie

11-12-2008 11:39 AM

I believe RHEL should already be logging su attempts (as part of a default installation) to /var/log/messages. (AFAIK, this is handled by the pam_succeed_if module.)

All times are GMT -5. The time now is 09:33 AM.