LinuxQuestions.org
Old 10-15-2007, 05:37 AM   #1
Craig Whiteman
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Rep: Reputation: 0
Output from PAM


The company I work for is moving from an HP Unix system to a Red Hat 4.5 Enterprise Linux system. On the existing system, all su attempts are logged and this is checked on a regular basis to see if there have been attempts to break into the system. This functionality needs to be replicated on the Linux system.

The Linux system is using PAM for authentication. Is there a log of all su attempts? Is there any configuration required to create such a log?

The system is using the default RH 4.5 EL PAM su configuration:

#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session required /lib/security/$ISA/pam_selinux.so close
session required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session required /lib/security/$ISA/pam_selinux.so open
session optional /lib/security/$ISA/pam_xauth.so
 
Old 10-15-2007, 11:57 AM   #2
ray_80
Member
 
Registered: Oct 2007
Posts: 75

Rep: Reputation: 15
Depends on your syslog configuration. In the meantime, did you try:

last -adix

man last

Regards
 
Old 11-15-2007, 03:32 AM   #3
Craig Whiteman
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Original Poster
Rep: Reputation: 0
It was the syslogd configuration - the facility auth had been removed from syslog.conf so all of the su messages were being discarded.
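
Added example (not part of the thread and not any poster's code): a check for the failure described in post #3, listing which syslog.conf actions receive a given facility so a discarded auth facility is noticed before the su audit trail is needed. The function name facility_actions and both sample configs are constructed for illustration, and classic sysklogd selector syntax is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: list the syslog.conf actions that
# receive a given facility (classic sysklogd "selector  action" syntax).
facility_actions() {      # $1 = config file, $2 = facility (e.g. auth)
    awk -v fac="$2" '
        NF < 2 || $1 ~ /^#/ { next }          # skip blanks and comments
        {
            routed = 0
            n = split($1, sel, ";")           # selectors apply left to right
            for (i = 1; i <= n; i++) {
                split(sel[i], part, "[.]")    # part[1]=facilities part[2]=priority
                m = split(part[1], f, ",")
                hit = 0
                for (j = 1; j <= m; j++)
                    if (f[j] == fac || f[j] == "*") hit = 1
                # a later "none" cancels an earlier match on the same line
                if (hit) routed = (part[2] != "none")
            }
            if (routed) { print $2; found = 1 }
        }
        END { exit !found }                   # status 1: facility is discarded
    ' "$1"
}

# Constructed sample configs (not the poster's files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' \
    '# constructed: no line routes auth, as in the thread' \
    '*.info;mail.none;auth.none;authpriv.none    /var/log/messages' \
    'mail.*    -/var/log/maillog' > "$tmp/broken.conf"
printf '%s\n' \
    '*.info;mail.none;auth.none;authpriv.none    /var/log/messages' \
    'auth,authpriv.*    /var/log/secure' > "$tmp/fixed.conf"

for conf in broken fixed; do
    if dest=$(facility_actions "$tmp/$conf.conf" auth); then
        echo "$conf.conf: auth -> $dest"
    else
        echo "$conf.conf: auth messages are discarded"
    fi
done
```

Priority prefixes such as "=" and "!" are not interpreted; any priority other than "none" is counted as routing the facility.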
 
  

