SUMMARY :Tracking logout times

From: Darren Moulding <>
Date: Mon Apr 15 2002 - 05:30:44 EDT
Thanks to the following for replying to my question

Theodore Tickell
Charles Homan
Mike Salehi
John Julian
Michael DeSimone
Edward Scown
Mike Demarco
Callum Hughes
Andrew Stueve
Brent Reich
John Leadeham

Whilst most suggested 'last' or 'sudo', these had already been investigated
and eliminated.
'last' could potentially be used in a script, although I was initially after
something a little more dynamic.
'sudo' a good and viable alternative, but we eliminated due to the
administration overhead as this soltion would be rolled out over several

Another suggestion to us C2 security, but this was eliminated due to the CPU
overhead and administration of the logs (V. Big logs).

Setting up individual root accounts with uid 0 ie rootxxx.

The following are the 2 I will investigate as they both look like they could
provide the result I require.
adding a trap to the root .profile
setting an alias in the .profile

Thanks to John Julian & Brent Reich for these suggestions.

Once again, thank you all for your advice on this matter.

Darren Moulding



> Thanks for those who replied very quickly, although I think I did not make
> my initial dilemma clear enough. Various people will su to the root
> account, from this point I will need to audit who & why with logon dates &
> times. It's when this person exits from the root account, back to there
> initial logon I need to gather this time. Whilst last will give me all the
> times of the root account logons, it will not identify who used each
> session. 
> Regards
> Darren
> Original Mail
> Hi,
> I need to setup a form of auditing as people access our privelaged
> accounts (ie root, oracle). I will be creating a seperate database to
> track usage, but I am struggling to obtain 1 piece of Information to
> complete the log. This is the logout time of the session.
> I want to be able to track/script the time any user enters 'exit' or 'ctr
> D' etc (leaves the root session). Does anyone have any tips to help me
> acheive this.
> Regards
> Darren Moulding

The information contained in this e-mail message is intended
only for the individuals named above.  If you are not the 
intended recipient, you should be aware that any 
dissemination, distribution, forwarding or other duplication 
of this communication is strictly prohibited.  The views 
expressed in this e-mail are those of the individual author 
and not necessarily those of 
Securicor Information Systems Limited.  
Prior to taking any action based upon this e-mail message 
you should seek appropriate confirmation of its authenticity.
If you have received this e-mail in error, please immediately 
notify the sender by using the e-mail reply facility.

This message has been checked for all known viruses on behalf of Securicor Information Systems by the MessageLabs. For further information visit or Email:

sunmanagers mailing list
Received on Mon Apr 15 05:38:53 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:40 EST