
Detect and report on root access


stev...@gmail.com

Jun 4, 2009, 4:55:27 AM
Hi,
I've been tasked with detecting, and reporting via email or snmp, on
the following events:-
* All root access to our server, either via 'su' or ssh (telnet is
disabled)
* All failed logon attempts regardless of user id

I have set up a script in crontab that will search /var/adm/syslog
and /var/adm/sulog and report on the required events for the previous
day. It works, but it would be much better if it would work in real
time. Is there an option to do this in real time?

I have experience of Linux, but SCO Unix is still new to me. I'd
expected the output of the 'last' command to be of use, but it only
reports on access for today - previous days aren't there. I assume
this is a config setting.

Output from uname -a 'UnixWare SCO002 5 7.1.4 i386 x86at SCO
UNIX_SVR5'

Thanks in advance, Steve.

boni...@gmail.com

Jun 5, 2009, 2:07:16 AM

Steve,

have a look at:

http://uw714doc.sco.com/en/Navpages/SECaudit.html

for one method you can use to track these events.

John
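
An added example, not from either poster: the real-time variant of the cron approach in the question, following /var/adm/sulog and /var/adm/syslog and mailing each root access or failed logon as it is written. The sulog layout, the OpenSSH message wording, the function names, the event tags and the mail recipient are assumptions, and it expects a POSIX sh, awk and `tail -n`.

```shell
#!/bin/sh
# Added example. Assumed formats (check against your own logs):
#   sulog : SU MM/DD HH:MM +|- tty from-to      ("+" success, "-" failure)
#   syslog: OpenSSH "Failed password for ..." / "Accepted ... for root from ..."
SULOG=${SULOG:-/var/adm/sulog}
SYSLOG=${SYSLOG:-/var/adm/syslog}
MAILTO=${MAILTO:-root}            # placeholder recipient

# Print "TAG user detail" for a reportable line, nothing otherwise.
classify() {
    printf '%s\n' "$1" | awk '
    $1 == "SU" && NF == 6 && ($4 == "+" || $4 == "-") {
        from = $6; sub(/-[^-]*$/, "", from)     # text before the last "-"
        to = $6;   sub(/^.*-/, "", to)          # text after the last "-"
        if ($4 == "-")         print "SU_FAIL " from "->" to " " $5
        else if (to == "root") print "SU_ROOT " from "->" to " " $5
        next
    }
    /sshd/ && (/Failed password for/ || /Accepted [^ ]+ for root from/) {
        for (i = 2; i < NF; i++) if ($i == "from") break
        if (i >= NF) next                       # no "from <addr>" pair
        tag = ($0 ~ /Failed password/) ? "SSH_FAIL" : "SSH_ROOT"
        print tag " " $(i - 1) " " $(i + 1)
    }'
}

# Follow one log from its current end and mail each reportable line.
follow() {
    tail -n 0 -f "$1" | while IFS= read -r line; do
        ev=$(classify "$line")
        if [ -n "$ev" ]; then
            printf '%s\n' "$line" | mailx -s "access alert: $ev" "$MAILTO"
        fi
    done
}

# Constructed sample lines, not taken from a real system.
demo() {
    while IFS= read -r line; do classify "$line"; done <<'EOF'
SU 06/04 04:55 + pts/1 steve-root
SU 06/04 04:57 - pts/2 guest-root
SU 06/04 05:01 + pts/1 steve-oracle
Jun  4 04:58:10 SCO002 sshd[1234]: Failed password for invalid user bob from 192.0.2.7 port 4022 ssh2
Jun  4 05:00:00 SCO002 sshd[1240]: Accepted password for root from 192.0.2.9 port 4100 ssh2
EOF
}

case "${1:-}" in
    watch) follow "$SULOG" & follow "$SYSLOG" & wait ;;
    demo)  demo ;;
esac
```

`tail -f` keeps the old file open after log rotation, so the watcher needs restarting whenever the logs are rotated.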
