- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Set trap for rm,mv,cat commands
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2014 11:05 PM - last edited on 12-15-2014 08:05 PM by Maiko-I
12-11-2014 11:05 PM - last edited on 12-15-2014 08:05 PM by Maiko-I
Hi,
How to set traps for commands such as rm,mv,cat .
If any user uses this commands we must get mail alert for the same.
P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security. - Hp Forum Moderator
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2014 02:15 AM
12-12-2014 02:15 AM
Re: Set trap for rm,mv,cat commands
Are you thinking about using auditing or what?
rm is unlink syscall, mv is rename, cat just opens/reads the file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2014 02:24 AM - edited 12-12-2014 02:27 AM
12-12-2014 02:24 AM - edited 12-12-2014 02:27 AM
Re: Set trap for rm,mv,cat commands
Hi ,
I was under impression that traps can be set for commands also.
But i think its only for signals right ?? for ex cntrl -c SIGHUP , etc ??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2014 11:08 AM
12-12-2014 11:08 AM
SolutionCorrect. Traps can only be set for signals.
I sounds like you have security and/or training issues. Are users removing or renaming files that they own? Or are these users logged in as root? If root, then immediately install sudo and configure these users to restrict the commands they can run as well as log commands that they are allowed to run. Then change the root password and give it to no one.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2014 08:02 AM
12-17-2014 08:02 AM
Re: Set trap for rm,mv,cat commands
"Are you thinking about using auditing or what?"
Yes, this sounds like a problem for which auditing is a possible solution. See audevent(1M). Possibly you need to look at rbac(5) as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2015 12:56 AM
08-18-2015 12:56 AM
Re: Set trap for rm,mv,cat commands
Hi RJ,
WE have configured HIDS and its mind-blowing.