03-19-2008 07:18 AM
Is there some .profile script (I think I've seen them in the past) that somehow knows who I came in from and as, and then would generate a history file of each command? And secondly, a way to timestamp that stuff easily?
Best practices, tips, and scripts (especially the easiest ones to implement) are appreciated.
03-19-2008 08:31 AM
Solution
%admin ALL=NOPASSWD: /usr/local/bin/rootsh -i -u root
I then have an alias called root for that command to run through sudo.
Then we stop direct root logins and force users to use sudo to get to root. rootsh is basically a screen capture tool that logs all the commands and the output of them to a log file for each user. It can also tie into syslog to send the information to a dedicated syslog server. We also do this for other generic signons used by specific applications.
For one account that has some control codes that don't work with the rootsh product, we put this in the .profile for that user:
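HISTSIZE=2000
# one history file per login name reported by "who am i"
HISTFILE=$HOME/.sh_history_`who am i|awk '{ print $1}'`
export HISTFILE HISTSIZE
# debug trap fires on every command; read -s writes the date line into the history file
trap 'date "+# %c" | read -s' debug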
This creates a separate HISTFILE for each user that accesses that ID. Then we force access to that ID through sudo.
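The per-user HISTFILE above depends on `who am i` returning a usable name. The following is an added example, not part of the original post: a .profile helper that falls back to sudo's `SUDO_USER` variable and then `logname` when `who am i` prints nothing, and rejects any value that is not a plain account name before it goes into the file path. The function names, the fallback order, the `unknown` suffix and the sample names are assumptions made for illustration.

```shell
# Added example; helper names are hypothetical.

# Accept only plain account names, so the value is safe inside a file name.
valid_login() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*|.*|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# First field of "who am i" output, e.g. "jsmith  pts/3  Mar 19 08:31".
login_from_who() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $1 }'
}

# $1 = "who am i" output, $2 = SUDO_USER value, $3 = logname output.
# Prints the first candidate that is a valid name, else "unknown".
resolve_login() {
    for candidate in "$(login_from_who "$1")" "$2" "$3"; do
        if valid_login "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    # A .sh_history_unknown file is itself a signal worth reviewing.
    printf 'unknown\n'
}

# $1 = home directory of the shared ID, $2 = resolved login name.
histfile_for() {
    printf '%s/.sh_history_%s\n' "$1" "$2"
}

# What the shared account's .profile would call.
setup_history() {
    login=$(resolve_login "$(who am i 2>/dev/null)" \
                          "${SUDO_USER:-}" "$(logname 2>/dev/null)")
    HISTSIZE=2000
    HISTFILE=$(histfile_for "$HOME" "$login")
    export HISTFILE HISTSIZE
}
```

Call `setup_history` from the shared ID's .profile in place of the two assignment lines; the timestamp trap from the post is unchanged by this.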
03-19-2008 12:45 PM
Re: How best to handle logging of indiv users to root via su or sudo
So, your code relies on a feature of "who am i" that gives your logged in user id (not root) from whence you sudo'd from?
03-19-2008 01:35 PM
Re: How best to handle logging of indiv users to root via su or sudo
Note that both require an additional serial connection into the console. And this is typical with what you're wanting to do. So factor in cable and stuff.
http://www.eng.auburn.edu/~doug/console.html
For the Aurora serial controller:
http://auroratech.com/uploadcache/pres_f&c_division_overview_8_2005.pdf
I can't find anything on Amity. I wonder if it's proprietary to SBC.
03-20-2008 06:53 AM
Re: How best to handle logging of indiv users to root via su or sudo
Also for console access we use a product called conserver which we use to access our HP-UX consoles through. You need some kind of terminal server to connect your consoles to and then conserver can attach to the server and port and control access, allow multiple people to watch a console session, and log all activity on the console. So this covers us for logging direct root access from the console and the conserver logs tell us who opened each session. conserver is free, but you'd have the cost for the terminal server and cables.