[ossec-list] AIX 5.3 sshd logins and sudo
- To: ossec-list@xxxxxxxxx
- Subject: [ossec-list] AIX 5.3 sshd logins and sudo
- From: "Carlos Eduardo Pedroza Santiviago" <segfault@xxxxxxxxxxxxxxx>
- Date: Tue, 9 Oct 2007 09:56:48 -0300
Hi,

Below is an output of my sshd logins, it's currently an AIX 5.3:

Oct 9 09:50:40 MACHINE auth|security:info sshd[229596]: Accepted password for USER from 172.29.14.41 port 55839 ssh2

After that, I issue a "sudo su", and then it gets logged as:

Oct 9 09:50:41 MACHINE auth|security:notice sudo: USER : TTY=pts/22 ; PWD=/home/USER ; USER=root ; COMMAND=/usr/bin/su
Oct 9 09:50:41 MACHINE auth|security:notice su: from root to root at /dev/pts/22

Could this be added as a standard rule or should I create a customized version here?

More information about the system:

(MACHINE:/var/log)$ uname -a
AIX MACHINE 3 5 00C3541E4C00
(MACHINE:/var/log)$ oslevel -r
5300-04

Thank you,
--
Carlos Eduardo Pedroza Santiviago
http://softwarelivre.net | Passo-a-passo rumo à liberdade!
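
The log format quoted in the message above, decoded in an added example that is not part of the original message and is not OSSEC decoder code: a Python parser that handles the AIX "facility|alias:level" tag sitting between the hostname and the program name, then extracts the sshd, sudo and su fields a rule would key on. The function name `parse_line` and the event labels are assumptions made for illustration; the sample lines are the three from the message.

```python
import re

# AIX syslog record: timestamp, host, "facility|alias:level" tag, program[pid]: message.
# The tag (e.g. "auth|security:info") is the field a plain syslog header does not have.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<facility>[\w|]+):(?P<level>\w+) "
    r"(?P<program>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSHD_ACCEPT = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<srcip>\S+) port (?P<port>\d+)"
)
SUDO = re.compile(
    r"^(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)
SU = re.compile(r"^from (?P<user>\S+) to (?P<runas>\S+) at (?P<tty>\S+)$")
PATTERNS = {  # program name -> (hypothetical event label, message pattern)
    "sshd": ("ssh_login", SSHD_ACCEPT),
    "sudo": ("sudo_command", SUDO),
    "su": ("su_switch", SU),
}

def parse_line(line):
    """Return a dict of decoded fields, or None when the AIX header does not match."""
    # Collapse whitespace runs so a record wrapped by a mail client still parses.
    line = " ".join(line.split())
    head = HEADER.match(line)
    if head is None:
        return None
    event = head.groupdict()
    event["event"] = "unclassified"
    known = PATTERNS.get(event["program"])
    if known:
        body = known[1].match(event["msg"])
        if body:
            event["event"] = known[0]
            event.update(body.groupdict())
    return event

# The three log lines quoted in the message, with mail wrapping undone.
SAMPLE = [
    "Oct 9 09:50:40 MACHINE auth|security:info sshd[229596]: Accepted password for USER from 172.29.14.41 port 55839 ssh2",
    "Oct 9 09:50:41 MACHINE auth|security:notice sudo: USER : TTY=pts/22 ; PWD=/home/USER ; USER=root ; COMMAND=/usr/bin/su",
    "Oct 9 09:50:41 MACHINE auth|security:notice su: from root to root at /dev/pts/22",
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(parse_line(record))
```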
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.