Re: failed "su -" are not logged to /var/log/authlog
Posted: 2021/02/01 07:25:02
Start with:sml wrote: ↑2021/01/29 16:25:56Check the contents of /etc/pam.d/su-l. By default, it should just include su. In this case, only records of type auth are relevant. Follow and resolve all the include/substack chains. Find out what is it about the server in question that is configured differently from the other server.Code: Select all
grep ^auth /etc/pam.d/{su-l,su,system-auth,postlogin}
Code: Select all
rpm -V $(rpm -q --whatprovides /etc/pam.d/* | sort|uniq)