https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203461#M167108 Thanks to all. For whatever reason, they have chosen not to implement our system as "trusted". I like the idea of the script to monitor logins. At least I can check that off my "to do" list. The shell script thing is more of a paper trail thing. There are only three of us that even have command access to the system. Fri, 27 Feb 2004 09:35:42 GMT Tom Gore 2004-02-27T09:35:42Z https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203457#M167104 Is there a way to determine when/who changed a shell script? Also, is there a way to produce a listing of users who have not logged into the system within the last "nn" days. Since the introduction of the Sarbanes-Oxley Act, we are now required (by our auditors) to provide numerous "audit trail" reports. Virtually all movement through the system has to be accounted for and documented.<BR /><BR />Thanks Thu, 26 Feb 2004 13:40:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203457#M167104 Tom Gore 2004-02-26T13:40:01Z https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203458#M167105 If you set your system to Trusted there is a quite a bit of auditing you can do.<BR /><BR />David Thu, 26 Feb 2004 13:46:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203458#M167105 David Child_1 2004-02-26T13:46:01Z https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203459#M167106 HI<BR /><BR />For login info here:-<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=39611" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=39611</A><BR /><BR />ll &lt;scriptname&gt; will show owner, group time and date.<BR /><BR />Also set-up and use change control procedures.<BR /><BR />Paula Thu, 26 Feb 2004 13:48:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203459#M167106 Paula J Frazer-Campbell 2004-02-26T13:48:20Z https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203460#M167107 Hi Tom,<BR /><BR />Unless you turn the 'auditing' on, it's difficult to find out who changed what on the system. There are softwares like CA's eTrust Access-control, powerbroker etc., that can provide additional controls in addition|replacing the standard UNIX permissions along with excellent reporting.<BR /><BR />If this system is trusted, you can get this information easily with getprpw command. <BR /><BR />/usr/lbin/getprpw -m slogint <USERNAME> <BR /><BR />will tell you when the user logged in successfully. <BR /><BR />To find out the users that have not logged into the system exactly within the last 'n' days, you will need to write a small script. Calculate the seconds since epoch with ' /usr/contrib/bin/perl -e "printf("%d\n",time())" ' - say A. Then in each user's tcb files /tcb/files/auth/<FIRSTLETTER>/user) you will find seconds since epoch when the user successfully logged in - say B. Calculate (A - B)/86400 and compare it against 'nn'. <BR /><BR />Without trusted system, you will need to depend on 'last' command. It shows it in days which you will need to convert into epoch and then do the calculations. Also last may not provide 100% information as *tmp files it uses might have gotten trimmed.<BR /><BR />-Sri</FIRSTLETTER></USERNAME> Thu, 26 Feb 2004 13:52:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203460#M167107 Sridhar Bhaskarla 2004-02-26T13:52:27Z https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203461#M167108 Thanks to all. For whatever reason, they have chosen not to implement our system as "trusted". I like the idea of the script to monitor logins. At least I can check that off my "to do" list. The shell script thing is more of a paper trail thing. There are only three of us that even have command access to the system. Fri, 27 Feb 2004 09:35:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/audit-trail/m-p/3203461#M167108 Tom Gore 2004-02-27T09:35:42Z