VINOD MORE
asked on
Script to capture all root logins
Hi experts
Require script to capture all root logins, through su - or direct login with root.
OS - CentOS 7
Hi,
Actually, you can use the Linux auditing system, which is installed by default on a new CentOS 7 Droplet.
Described here: https://linux-audit.com/configuring-and-auditing-linux-systems-with-audit-daemon/
Cheers
I run Ubuntu, so /var/log/auth.log is where these messages end up.
With CentOS /var/log/secure is usually the equivalent file.
For su + sudo.
With Ubuntu /var/log/auth.log for these too.
With CentOS /var/log/secure is usually the equivalent file for both these too.
You can find out for sure by tail -f /var/log/secure + login with ssh + sudo + su + ensure all three log to this file.
If logging is going to some other file, use inotifywait -qmr /var/log to easily determine which file is logging this info.
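An added example, not part of the answers above: a small script that pulls root session openings (direct ssh or console login, and su / su -) out of a log in the /var/log/secure layout. The function names and the sample lines are constructed for illustration, and it assumes the usual pam_unix "session opened for user root by ..." wording.

```shell
#!/bin/sh
# Added example: report root sessions that pam_unix logged for sshd, console login and su.

# Constructed sample in the usual /var/log/secure layout (not real log data).
sample_secure_log() {
cat <<'EOF'
Jan 10 10:15:30 host1 sshd[1201]: Failed password for root from 192.0.2.10 port 51234 ssh2
Jan 10 10:15:32 host1 sshd[1201]: Accepted password for root from 192.0.2.10 port 51234 ssh2
Jan 10 10:15:32 host1 sshd[1201]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 10 10:18:05 host1 sshd[1300]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jan 10 10:20:01 host1 su: pam_unix(su-l:session): session opened for user root by alice(uid=1000)
Jan 10 10:22:44 host1 su: pam_unix(su:session): session opened for user bob by alice(uid=1000)
Jan 10 10:25:00 host1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jan 10 10:30:00 host1 su: pam_unix(su-l:session): session closed for user root
EOF
}

# root_logins FILE
# Prints one line per root session: timestamp, PAM service, invoking user.
root_logins() {
    awk '
    /pam_unix\((sshd|login|su|su-l):session\): session opened for user root by / {
        svc = $0
        sub(/^.*pam_unix\(/, "", svc)   # drop everything up to the service name
        sub(/:session\).*$/, "", svc)   # keep only the PAM service (sshd, su-l, ...)
        by = $0
        sub(/^.* by /, "", by)          # leaves "alice(uid=1000)" or "(uid=0)"
        sub(/\(uid=.*$/, "", by)        # strip the uid suffix
        if (by == "") by = "-"          # sshd does not record an invoking user
        printf "%s %s %s service=%s by=%s\n", $1, $2, $3, svc, by
    }' "$1"
}

# Demo on the constructed sample so the script runs offline.
tmp=$(mktemp)
sample_secure_log > "$tmp"
root_logins "$tmp"
rm -f "$tmp"
```

On a CentOS 7 host, point `root_logins` at /var/log/secure (readable by root only); who ran `su` appears in the `by=` field.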