/var/log/secure captures su both successful and failed both equally
important ... but if you want an email you could set up a script to read
the log and trigger on a keyword. Presumably you have tied down the
people who have the ability to su to root (modifying PAM to use the
wheel group)
hope this is useful,
Bill
Marcos Aurelio Rodrigues wrote:
You can do that using rsyslog or sec and a good regex.
[]s
Marcos
On Fri, Mar 13, 2009 at 10:43 AM, Anne Moore <diabeticithink@xxxxxxxxx>wrote:
HI All,
Does anyone know how I'd make an automatic email fly off every time a user
SU's to root? We're have security issues, and we're needed to track it.
Thank you for your assistance with this.
Anne
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
