Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 09:31 PM
тАО04-16-2008 09:31 PM
Sudo
How can I monitor each and all commands from all users using sudo? Now I can do only sudo commands.
Regards,
Davis Paul.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 09:48 PM
тАО04-16-2008 09:48 PM
Re: Sudo
sudo itself limits what normally root only commands the user can execute.
If you do not have root access you can not monitor other users sudo activity.
If you have root access you can monitor the users keyboard logs, usually .sh_history in the users home directory. To be sure see what HISTFILE says in the users .profile file.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 09:49 PM
тАО04-16-2008 09:49 PM
Re: Sudo
1) ... from all users, using sudo
2) ... from all users that just happen to use sudo
Do you want to monitor ALL commands, whether sudo or not?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 10:25 PM
тАО04-16-2008 10:25 PM
Re: Sudo
I have a sudo log file in /var/run/sudo/sudo.log. From here I can get the command which I have given in /opt/iexpress/sudo/etc/sudoers for particular users. In this log file I am getting only command which starting with the word 'sudo'. I want to make an entry for all command evev if they are not starting with 'sudo'. Also how can I make a log entry in var/run/sudo/sudo.log for an ordinary user who has no special privileges in /opt/iexpress/sudo/etc/sudoers ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 10:37 PM
тАО04-16-2008 10:37 PM
Re: Sudo
http://sourceforge.net/projects/sudosh/
When a user starts a shell as another user using sudosh, it will log all the commands the user enters in that session.
If you need to log _all_ commands, whether using sudo or not, you should examine the auditing capabilities of HP-UX.
Note that the auditing system will, if necessary, log the start of _every process_, whether user-initiated or not. You may need to filter or otherwise post-process your audit logs to keep them in manageable size and/or find the relevant data in them.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2008 01:09 AM
тАО08-03-2008 01:09 AM