How to Monitor Who Is Using the su Command (System Administration Guide: Security Services)

System Administration Guide: Security Services

How to Monitor Who Is Using the `su` Command

Become superuser or assume an equivalent role.

Monitor the contents of the /var/adm/sulog file on a regular basis.

# more /var/adm/sulog
SU 12/20 16:26 + pts/0 nathan-root
SU 12/21 10:59 + pts/0 nathan-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 + pts/0 pmorph-root
SU 01/12 14:57 + pts/0 pmorph-root

© 2010, Oracle Corporation and/or its affiliates