Operating System - HP-UX
1748250 Members
3331 Online
108760 Solutions
New Discussion

Set trap for rm,mv,cat commands

 
SOLVED
Go to solution
chindi
Respected Contributor

Set trap for rm,mv,cat commands

Hi,

 

How to set traps for commands such as rm,mv,cat .

If any user uses this commands we must get mail alert for the same.

 

 

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security. - Hp Forum Moderator

 

 

5 REPLIES 5
Dennis Handly
Acclaimed Contributor

Re: Set trap for rm,mv,cat commands

Are you thinking about using auditing or what?

rm is unlink syscall, mv is rename, cat just opens/reads the file.

chindi
Respected Contributor

Re: Set trap for rm,mv,cat commands

Hi ,

 

I was under impression that traps can be set for commands also.

But i think its only for signals right ??  for ex cntrl -c  SIGHUP , etc ??

Bill Hassell
Honored Contributor
Solution

Re: Set trap for rm,mv,cat commands

Correct. Traps can only be set for signals.

 

I sounds like you have security and/or training issues. Are users removing or renaming files that they own? Or are these users logged in as root? If root, then immediately install sudo and configure these users to restrict the commands they can run as well as log commands that they are allowed to run. Then change the root password and give it to no one.



Bill Hassell, sysadmin
RJHall
Frequent Advisor

Re: Set trap for rm,mv,cat commands

"Are you thinking about using auditing or what?"

 

Yes, this sounds like a problem for which auditing is a possible solution. See audevent(1M). Possibly you need to look at rbac(5) as well.

chindi
Respected Contributor

Re: Set trap for rm,mv,cat commands

Hi RJ,

 

WE have configured HIDS and its mind-blowing.