Thanks to the following for replying to my question

Theodore Tickell
Charles Homan
Mike Salehi
John Julian
Michael DeSimone
Edward Scown
Mike Demarco
Callum Hughes
Andrew Stueve
Brent Reich
John Leadeham

Whilst most suggested 'last' or 'sudo', these had already been investigated and eliminated.

'last' could potentially be used in a script, although I was initially after something a little more dynamic.

'sudo' is a good and viable alternative, but we eliminated it due to the administration overhead as this solution would be rolled out over several customers.

Another suggestion was to use C2 security, but this was eliminated due to the CPU overhead and administration of the logs (V. Big logs).

Setting up individual root accounts with uid 0 ie rootxxx.

The following are the 2 I will investigate as they both look like they could provide the result I require.

adding a trap to the root .profile
setting an alias in the .profile

Thanks to John Julian & Brent Reich for these suggestions.

Once again, thank you all for your advice on this matter.

Regards
Darren Moulding

ORIGINAL QUESTION

> Thanks for those who replied very quickly, although I think I did not make
> my initial dilemma clear enough. Various people will su to the root
> account, from this point I will need to audit who & why with logon dates &
> times. It's when this person exits from the root account, back to their
> initial logon I need to gather this time. Whilst last will give me all the
> times of the root account logons, it will not identify who used each
> session.
>
> Regards
> Darren
>
> Original Mail
>
> Hi,
>
> I need to setup a form of auditing as people access our privileged
> accounts (ie root, oracle). I will be creating a separate database to
> track usage, but I am struggling to obtain 1 piece of Information to
> complete the log. This is the logout time of the session.
>
> I want to be able to track/script the time any user enters 'exit' or 'ctr
> D' etc (leaves the root session). Does anyone have any tips to help me
> achieve this.
>
> Regards
> Darren Moulding

Received on Mon Apr 15 05:38:53 2002
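The trap approach named in the summary, sketched as an added example (not code from the thread or its contributors): a fragment for root's .profile that records who opened the session and when it ended. The log path and the function and variable names are assumptions made for this illustration.

```shell
# Added example: session audit hook for root's .profile (sh/ksh/bash).
# .profile is read by login shells only, so this covers "su -" but not plain "su".
# The log is written from inside the root session, so anyone holding root can
# alter it; forward the records off-host if they must be trusted.
AUDIT_LOG=${AUDIT_LOG:-/var/adm/root_sessions.log}   # assumed path

# Account that originally logged in on this terminal. "who am i" reads the
# utmp entry for the tty, which su does not rewrite.
audit_invoker() {
    inv=$(who am i 2>/dev/null | awk '{print $1; exit}')
    if [ -z "$inv" ]; then
        inv=$(logname 2>/dev/null) || inv=unknown
    fi
    echo "${inv:-unknown}"
}

# Append one record; $1 is START or END.
audit_record() {
    printf '%s %s user=%s tty=%s pid=%s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$1" \
        "$AUDIT_USER" "$AUDIT_TTY" "$$" >> "$AUDIT_LOG"
}

# Log the start of the session and arm the logout record.
audit_begin() {
    AUDIT_USER=$(audit_invoker)
    AUDIT_TTY=$(tty 2>/dev/null) || AUDIT_TTY=notty
    audit_record START
    trap 'audit_record END' 0    # runs on "exit" and on Ctrl-D
    trap 'exit 1' 1 15           # hangup/terminate still reach the exit trap
}

# Only interactive sessions are audited; cron jobs and scripts are skipped.
case $- in
    *i*) audit_begin ;;
esac
```

A session killed with SIGKILL never runs the exit trap, so a START record without a matching END for the same pid and tty marks a session that ended abnormally.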