Re: failed "su -" are not logged to /var/log/authlog

Posted: 2021/02/01 07:25:02
by Whoever
sml wrote:
2021/01/29 16:25:56
Check the contents of /etc/pam.d/su-l. By default, it should just include su. In this case, only records of type auth are relevant. Follow and resolve all the include/substack chains. Find out what it is about the server in question that is configured differently from the other server.

Code:

grep ^auth /etc/pam.d/{su-l,su,system-auth,postlogin}

Start with:

Code:

rpm -V $(rpm -q --whatprovides /etc/pam.d/* | sort|uniq)
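
Following the include/substack chains for the auth records, as the quoted advice describes, can be scripted so the result from two servers can be compared. This is an added example, not part of either post; the function names `pam_auth_stack` and `pam_sample_tree` and the sample file contents are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): print the auth stack of a PAM service
# with every include/substack chain expanded.
# Usage: pam_auth_stack su-l [/etc/pam.d]

pam_auth_stack() {
    local service dir indent file type control rest target
    service=$1
    dir=${2:-/etc/pam.d}
    indent=${3:-}
    case $service in /*) file=$service ;; *) file=$dir/$service ;; esac
    if [ "${#indent}" -gt 32 ]; then          # guard against include loops
        printf '%s!! include chain too deep at %s\n' "$indent" "$service"
        return 0
    fi
    if [ ! -r "$file" ]; then
        printf '%s!! missing or unreadable: %s\n' "$indent" "$file"
        return 0
    fi
    # Each rule is "type control module [args]"; a leading "-" on the type
    # only suppresses the log message for a missing module.
    while read -r type control rest || [ -n "$type" ]; do
        case $type in auth|-auth) ;; *) continue ;; esac
        case $control in
            include|substack)
                target=${rest%%[[:space:]]*}
                printf '%s# %s %s (from %s)\n' "$indent" "$control" "$target" "$service"
                pam_auth_stack "$target" "$dir" "$indent  "
                ;;
            *)  printf '%s%s %s %s\n' "$indent" "$type" "$control" "$rest" ;;
        esac
    done < "$file"
}

# Constructed sample tree (hypothetical contents, not taken from any server);
# postlogin is left out on purpose to show how a broken chain is reported.
pam_sample_tree() {
    printf 'auth include su\naccount include su\n' > "$1/su-l"
    printf '%s\n' 'auth sufficient pam_rootok.so' 'auth substack system-auth' \
        'auth include postlogin' 'session required pam_unix.so' > "$1/su"
    printf '%s\n' '# constructed' 'auth required pam_env.so' \
        '-auth sufficient pam_unix.so nullok' 'auth required pam_deny.so' \
        > "$1/system-auth"
}
```

Running `pam_auth_stack su-l` on both servers and diffing the two outputs shows where their auth stacks diverge.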