failed "su -" are not logged to /var/log/authlog

Support for security such as Firewalls and securing linux
Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: failed "su -" are not logged to /var/log/authlog

Post by Whoever » 2021/02/01 07:25:02

sml wrote:
2021/01/29 16:25:56
Check the contents of /etc/pam.d/su-l. By default, it should just include su. In this case, only records of type auth are relevant. Follow and resolve all the include/substack chains. Find out what is it about the server in question that is configured differently from the other server.

Code: Select all

grep ^auth /etc/pam.d/{su-l,su,system-auth,postlogin}
Start with:

Code: Select all

rpm -V $(rpm -q --whatprovides /etc/pam.d/* | sort|uniq)

Post Reply