Restricting the root login to the console forces anyone accessing the superuser
account remotely to log in with a regular system account and then to
use the su(1M) command to become the superuser. The su command can be
monitored and logged in several ways. The /etc/default/su file controls
this monitoring and logging.
The use of the su command can be displayed on the system console by
enabling the following entry in the /etc/default/su file. You do so by
removing the comment character ( # ) from the beginning of the line:
#CONSOLE=/dev/console
Both failed and successful attempts to use the su command are displayed on
the console. By default, the use of the su command is not displayed on the
console. To enable this feature, edit the /etc/default/su file and remove
the shell comment character ( # ) at the beginning of the entry. Note that this
entry is identical to the entry used in the /etc/default/login file to restrict
root login to the system console.
The following listing shows the messages displayed on the console for two
uses of the su command:
Jul 25 19:53:01 solaris9 su: 'su root' failed for ambro on /dev/pts/5
SU 07/25 19:53 + pts/5 ambro-root
Jul 25 19:53:45 solaris9 su: 'su root' succeeded for ambro on /dev/pts/5
The first line shows an unsuccessful attempt to become root on the system
named solaris9 from the login ambro. The second and third lines show a
successful attempt to become root. The messages that begin with a date
are displayed regardless of the CONSOLE entry in the /etc/default/su file.
The message beginning with SU is displayed as a result of the CONSOLE entry
in the /etc/default/su file being uncommented.
The use of the su command can be logged to a file dedicated to su logging
and through the system logging facility (syslog) by enabling (removing the #
from) the following entry in the /etc/default/su file. (Although the default
file is shown here, any file can be used for the sulog.)
#SULOG=/var/adm/sulog
Both failed and successful attempts to use the su command are logged. By
default, the use of the su command is logged to the sulog. To disable this
feature, edit the /etc/default/su file and add the shell comment character ( # )
to the beginning of the entry.
The following listing shows the contents of the /var/adm/sulog file:
SU 07/18 12:46 + console root-daemon
SU 07/22 00:36 + pts/5 ambro-root
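The following is an added example, not part of the original text: a small Python parser for the sulog layout shown in the listing above that reports accounts with repeated failed attempts to become root. It assumes that a - in the fourth field marks a failed attempt (the listing only shows +, for success); the function names, the threshold, and all sample lines after the first two are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Layout taken from the listing above: SU MM/DD HH:MM <flag> <tty> <from>-<to>
# Assumption: '+' marks success (as in the listing) and '-' marks failure.
SULOG_RE = re.compile(
    r"^SU (\d{2})/(\d{2}) (\d{2}):(\d{2}) ([+-]) (\S+) (\S+)$"
)

SuEvent = namedtuple("SuEvent", "month day hour minute ok tty source target")


def parse_sulog(text):
    """Return (events, rejected_lines) for sulog-formatted text."""
    events, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SULOG_RE.match(line)
        # Split on the last hyphen: assumes the target account name has none.
        source, _, target = m.group(7).rpartition("-") if m else ("", "", "")
        if not m or not source or not target:
            rejected.append(line)  # keep unparseable lines for manual review
            continue
        mo, d, h, mi = (int(g) for g in m.group(1, 2, 3, 4))
        events.append(
            SuEvent(mo, d, h, mi, m.group(5) == "+", m.group(6), source, target)
        )
    return events, rejected


def failed_root_attempts(events, threshold=2):
    """Accounts with at least `threshold` failed attempts to become root."""
    counts = Counter(e.source for e in events if e.target == "root" and not e.ok)
    return {user: n for user, n in counts.items() if n >= threshold}


# Constructed sample: the first two lines come from the listing above,
# the remaining lines are made up for this example.
SAMPLE = """\
SU 07/18 12:46 + console root-daemon
SU 07/22 00:36 + pts/5 ambro-root
SU 07/25 19:52 - pts/5 ambro-root
SU 07/25 19:53 - pts/5 ambro-root
SU 07/25 19:53 + pts/5 ambro-root
SU 07/26 08:10 - pts/7 guest-root
garbled line
"""

if __name__ == "__main__":
    events, rejected = parse_sulog(SAMPLE)
    print(failed_root_attempts(events))
    print("unparsed:", rejected)
```

Because the sulog records no year, correlate entries with the dated syslog messages when the file spans more than one year.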