How to log valid and invalid su attempts

Dan

Nov 17, 2009, 3:29:42 PM
to ossec-dev
I have OSSIM 2.1 set up and running well. (www.ossim.net for anyone
not familiar)

I was watching the "Real Time" SIM Events today when I logged into my
OSSIM box. When I typed 'su' and the password, an event showed up on
the real time alarm that sudo was successful.

Does anyone know how to make that show up when someone tries to 'su'
on my other Sun boxes? I tried setting up a policy for it using the
"sudo" plugin from the Plugins Group, but I never see it show up from
the other machines. I do have OSSEC running on all of the Sun boxes.

Thanks in advance.