Resolution
goal
Can VM report if a user has run a switch user (su) command to root on a Unix agent?
goal
Can I use Vulnerability Manager to see who has run an su command on a Unix agent?
goal
How do I use VM to check if a user has changed their user ID to become root?
fact
NetIQ Vulnerability Manager 5.0
fact
NetIQ Vulnerability Manager 5.5
fact
VigilEnt Security Agent for Unix 5.0+
fix
note
This check returns a dump of all su command information. If you need real-time alerting on su activities, use the Rules Manager component of Unix Manager. Contact NetIQ Support if you need more information.
Can VM report if a user has run a switch user (su) command to root on a Unix agent?
goal
Can I use Vulnerability Manager to see who has run an su command on a Unix agent?
goal
How do I use VM to check if a user has changed their user ID to become root?
fact
NetIQ Vulnerability Manager 5.0
fact
NetIQ Vulnerability Manager 5.5
fact
VigilEnt Security Agent for Unix 5.0+
fix
To view all available information on switch user (su) commands run on the system:
- Start the NetIQ Vulnerability Manager console.
- Expand Security Knowledge > Security Checks > NetIQ Checks > UNIX > System.
- In the list pane, select the Switch User Command Statistics security check.
- In the toolbar, click Actions > Run Security Checks.
note
This check returns a dump of all su command information. If you need real-time alerting on su activities, use the Rules Manager component of Unix Manager. Contact NetIQ Support if you need more information.
Additional Information
Formerly known as NETIQKB50569