Hi,
What's the best way to turn on the auditing in AIX 4.3? I'm in an environment where root password are shared with many users.
Can sudoers member be audited properly?
Thanks
Sorry, but i think you are asking the "wrong question":
"auditing" is a feature in AIX, which you may or may not to switch on. I suppose you probably won't need it.
What do you want to achieve? Please tell us some of the requirements and we eventually could tell you what is needed to fulfill them.
"sudo" can be brought to log any usage of "su", but of course anybody with the possibility of becoming root will be able to circumvent the logging-mechanism given sufficient intent and sufficient effort.
What you could do is (this is just a sketch!):
1) set up a logging server. Login on this server is prohibited save for the person checking the logs.
2) disable root login and "su - root" on the servers you want to audit.
3) allow "su - root" through sudo. Put the mechanism into a small script, which not only issues the "sudo su ...." command but also sends a log entry to the logging server mentioned in 1). This prevents the log files from being altered by the people becoming root on the machine under audit. (If you'd save it somewhere on the same machine root would be able to edit them.)
bakunin