The su command by default makes an entry into the log file for every su command attempt. The following is a
single line from the file:
SU 12/18 23:20 + pts/1 user1-root
What does the + sign represent?
A.
unsuccessful attempt
B.
successful attempt
C.
The attempt was from a pseudo terminal, and not the console.
D.
The attempt was from a user that is in the adm group, same as root.
E.
Time zone is not set.
Explanation:
The sulog file, /var/adm/sulog, is a log containing all attempts (whether successful or not) of the su command.
An entry is added to the sulog file every time the su command is executed. The fields in sulog are: date, time,
successful (+) or unsuccessful (-), port, user executing the su command, and user being switched to. In the
preceding example, all su attempts were successful, except for the attempt on 2/23 at 20:51, when user pete
unsuccessfully attempted to su to user root.
Look for entries where an unauthorized user has used the command inappropriately. The following entry shows
a successful (indicated by +) su from user userid to root.
SU 03/31 12:52 + pts/0 <userid>-root