Solved

RHEL su logging

Posted on 2013-01-24
7
260 Views
Last Modified: 2013-02-01
My system has RHEL 3,4,5. If 2 users su to another account at the same time, how do I log activities of each user after su? Does audit.log log this scenario? This is needed to provide traceability and accountability for the system security.
0
Comment
Question by:Elyutah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 38816493
Check the log

/var/log/secure

Users should use sudo to su to other users.  Sudo keeps logs for any  commands issued.  However for RHEL3 sudo is too old and will not log very well.
0
 

Author Comment

by:Elyutah
ID: 38816552
/var/log/secure only logs when the users su to another account, but not commands issued by them after they become another user.
0
 

Author Comment

by:Elyutah
ID: 38816602
The problem with using sudo su is that X11 being disabled. The users need to bring up a GUI to run the system.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 31

Expert Comment

by:farzanj
ID: 38816862
GUI control will be based on your desktop.  What kind of desktop do you have?

Sudo will still work really good with GUI.  You said the users need to execute commands, they don't need to get to the GUI of other users.  In their GUI command prompt, they can still issue commands using sudo for some other user.  They do not need to login as another user.  All the commands will thus be logged.  Making sense?
0
 
LVL 78

Expert Comment

by:arnold
ID: 38817507
What reason would an Admin need to run commands as another user (presumably not elevated rights)?
Could you provide the scenario you are dealing with?

how is the user who will be running those commands interfaces with the system?
i.e. the user using GUI to login, then opens a terminal/xterm window
runs sudo/su and then would like a graphical command sent back to the desktop?
You could use xhost + or set DISPLAY to redirect the SUDO/SU GUI back to the desktop
export DISPLAY=localhost:0.0
0
 

Author Comment

by:Elyutah
ID: 38828561
Here is the scenario: the original system used a group account (ga) who a matlab license is granted. We are required to eliminate the ga by implementing individual user accounts. However, the matlab license is not going to be updated until later. In the mean time, the users need to switch to the ga and bring up a console GUI to run tasks required matlab.  We are approved to use 'su' but need to provide traceability. Other tasks can be done within the individual user accounts.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 38829471
Sudo is the tool to use with those users only have su - ga as the only permitted command
Run this command from an xterm and it should preserve the DISPAY .
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
block mails from a particular country in postfix 7 80
umask commands 5 18
how to write and save a unix script 12 38
Require Script-Linux 4 12
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question