Detecting failed su to root attempts
This one-liner will list all failed "su" attempts to the superuser account. You'll be amazed at how many users attempt to hack the root account.
cat /var/adm/sulog | nawk '$4 == "-" {print $0}' | grep 'root$'
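
To see who is behind those failures rather than just the raw lines, the following added example (not part of the original tip) counts failed su-to-root attempts per originating user and shows the time and terminal of the most recent one. It assumes the sulog layout `SU MM/DD HH:MM +|- tty fromuser-touser`, uses plain `awk` in place of `nawk`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed su-to-root attempts per originating user.
# Assumed sulog layout: SU MM/DD HH:MM +|- tty fromuser-touser

# failed_root_su FILE
# Prints "count user last_date last_time last_tty", highest count first.
failed_root_su() {
    awk '
        $1 == "SU" && $4 == "-" && $6 ~ /-root$/ {
            user = $6
            sub(/-root$/, "", user)        # keep only the originating account
            count[user]++
            last[user] = $2 " " $3 " " $5  # entries are chronological, so this ends as the latest
        }
        END {
            for (u in count) print count[u], u, last[u]
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample input (not real log data).
sample_sulog() {
    cat <<'EOF'
SU 03/01 09:12 + pts/1 alice-root
SU 03/01 09:40 - pts/4 bob-root
SU 03/01 09:41 - pts/4 bob-root
SU 03/02 11:05 - pts/2 carol-oracle
SU 03/02 23:58 - console dave-root
SU 03/03 00:01 - pts/4 bob-root
EOF
}

# Run against a log file when one is given, e.g.: sh script.sh /var/adm/sulog
if [ $# -gt 0 ]; then
    failed_root_su "$1"
fi
```

Successful attempts (`+`) and failures against accounts other than root, such as the `carol-oracle` line in the sample, are ignored.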