Restricting the root login to the console forces anyone accessing the superuser account remotely to log in with a regular system account and then to use the su(1M) command to become the superuser. The su command can be monitored and logged in several ways. The /etc/default/su file controls this monitoring and logging.
The use of the su command can be displayed on the system console by enabling the following entry in the /etc/default/su file. You do so by removing the comment character (#) from the beginning of the line:
#CONSOLE=/dev/console
Both failed and successful attempts to use the su command are displayed on the console. By default, the use of the su command is not displayed on the console. To enable this feature, edit the /etc/default/su file and remove the shell comment character (#) at the beginning of the entry. Note that this entry is identical to the entry used in the /etc/default/login file to restrict root login to the system console.
The following listing shows the messages displayed on the console for two uses of the su command:
Jul 25 19:53:01 solaris9 su: 'su root' failed for ambro on /dev/pts/5
SU 07/25 19:53 + pts/5 ambro-root
Jul 25 19:53:45 solaris9 su: 'su root' succeeded for ambro on /dev/pts/5
The first line shows an unsuccessful attempt to become root on the system named solaris9 from the login ambro. The second and third lines show a successful attempt to become root. The messages that begin with a date are displayed regardless of the CONSOLE entry in the /etc/default/su file.
The message beginning with SU is displayed as a result of the CONSOLE entry in the /etc/default/su file being uncommented.
The use of the su command can be logged to a file dedicated to su logging and through the system logging facility (syslog) by enabling (removing the # from) the following entry in the /etc/default/su file. (Although the default file is shown here, any file can be used for the sulog.)
#SULOG=/var/adm/sulog
Both failed and successful attempts to use the su command are logged. By default, the use of the su command is logged to the sulog. To disable this feature, edit the /etc/default/su file and add the shell comment character (#) to the beginning of the entry.
The following listing shows the contents of the /var/adm/sulog file:
SU 07/18 12:46 + console root-daemon
SU 07/22 00:36 + pts/5 ambro-root
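As an added example (not part of the original text), the following shell functions summarise sulog entries in the format shown above, counting failed and successful attempts to become root per source account. The function names and the sample data are constructed for illustration; the "-" flag marks a failed attempt, which the listing above does not show.

```shell
#!/bin/sh
# Added example: summarise a Solaris sulog in the format shown in the listing.
# Field layout: SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# "+" marks a successful su, "-" a failed one.

# Constructed sample data: the two entries from the listing plus invented
# failures and one malformed line.
sample_sulog() {
cat <<'EOF'
SU 07/18 12:46 + console root-daemon
SU 07/22 00:36 + pts/5 ambro-root
SU 07/25 19:53 - pts/5 ambro-root
SU 07/25 19:54 - pts/5 ambro-root
SU 07/25 19:55 - pts/7 guest-root
this line is malformed and must be ignored
EOF
}

# sulog_root_report (hypothetical name): read sulog lines on stdin and print,
# for each account that tried to become root, "<user> failed=<n> succeeded=<n>".
sulog_root_report() {
  awk '
    $1 == "SU" && NF == 6 && ($4 == "+" || $4 == "-") {
      # Split on the last hyphen: assumes the target name contains no hyphen.
      i = match($6, /-[^-]*$/)
      if (i == 0) next
      from = substr($6, 1, i - 1); to = substr($6, i + 1)
      if (to != "root") next            # only su-to-root is of interest here
      seen[from] = 1
      if ($4 == "-") fail[from]++; else ok[from]++
    }
    END {
      for (u in seen) printf "%s failed=%d succeeded=%d\n", u, fail[u], ok[u]
    }' | sort
}

# sulog_alerts (hypothetical name): list accounts with at least $1 failed
# su-to-root attempts (default threshold: 2).
sulog_alerts() {
  sulog_root_report |
    awk -v min="${1:-2}" '{ split($2, f, "="); if (f[2] + 0 >= min) print $1 }'
}

sample_sulog | sulog_root_report
```

On a live system the same functions can read the real log, for example sulog_alerts 3 < /var/adm/sulog.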