https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397804#M200229 A utility like pcanywhere won't tell you a thing. If you have xfs set to enable in /etc/rc.config.d/xfs file you can use X emulation software to have an X desktop.<BR /><BR />In there you could do the following:<BR /><BR />tail -f /var/adm/syslog/syslog.log and track logins.<BR /><BR />To look for evidence of hacking you can carefully monitor the wtmp and btmp files or copy them off regulalry with a date stamp if the hacker is cleaning up after him/herself.<BR /><BR />Go through /etc/passwd and see if the hacker has set up an account for him/herself. Check for copies of ksh or sh that have suid set therefore letting the user become root.<BR /><BR />A really good product to get is commerical tripwire. If the hacker is messing with log files or configuration files to cover his/her tracks tripwire will spot it and let you know what ws done and how.<BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA</A><BR /><BR />Will harden your system against hackers.<BR /><BR />It requires:<BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL</A><BR /><BR />HIDS will help spot hackers as well:<BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA</A><BR /><BR />SEP<BR /> Mon, 11 Oct 2004 22:07:13 GMT Steven E. Protter 2004-10-11T22:07:13Z https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397802#M200227 Dear gurus -<BR /><BR />Do you know any utility available in HP-UX which can used like PC ANywhere software. Actually I beleive somebody is hacking our system. I would like to know how they did the same.<BR /><BR /> Mon, 11 Oct 2004 21:48:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397802#M200227 sdip 2004-10-11T21:48:53Z https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397803#M200228 Hi Sdip,<BR /><BR />There is SharedX but acts a bit like PC Anywhere but one has to allow them to use ShareX and you will see the such windows as "Shared".<BR /><BR />Check for last successful logins, IP addresses where the logins are from etc. using 'last' command. You can also check the history of root and the users that you think are compromised.<BR /><BR />-Sri Mon, 11 Oct 2004 22:03:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397803#M200228 Sridhar Bhaskarla 2004-10-11T22:03:54Z https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397804#M200229 A utility like pcanywhere won't tell you a thing. If you have xfs set to enable in /etc/rc.config.d/xfs file you can use X emulation software to have an X desktop.<BR /><BR />In there you could do the following:<BR /><BR />tail -f /var/adm/syslog/syslog.log and track logins.<BR /><BR />To look for evidence of hacking you can carefully monitor the wtmp and btmp files or copy them off regulalry with a date stamp if the hacker is cleaning up after him/herself.<BR /><BR />Go through /etc/passwd and see if the hacker has set up an account for him/herself. Check for copies of ksh or sh that have suid set therefore letting the user become root.<BR /><BR />A really good product to get is commerical tripwire. If the hacker is messing with log files or configuration files to cover his/her tracks tripwire will spot it and let you know what ws done and how.<BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA</A><BR /><BR />Will harden your system against hackers.<BR /><BR />It requires:<BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL</A><BR /><BR />HIDS will help spot hackers as well:<BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA</A><BR /><BR />SEP<BR /> Mon, 11 Oct 2004 22:07:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397804#M200229 Steven E. Protter 2004-10-11T22:07:13Z https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397805#M200230 hi,<BR /><BR />there is also the VNC software that can be used (only if the server processes are running).<BR /><BR />You may wish to install an Intrusion Prevention software so that this do not recur in the future..<BR /><BR />good luck!<BR />regards<BR />Yogeeraj Tue, 12 Oct 2004 00:06:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397805#M200230 Yogeeraj_1 2004-10-12T00:06:55Z https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397806#M200231 if a hacker has breached your system, i doubt they will be using a graphical client to do so..<BR /><BR />as someone said previously, monitor syslog for logins, and use the command 'last' to see what users have been logging in and for how long (wtmp)<BR /><BR />check for any major logs that have been 0-byted (/var/adm/syslog/syslog.log)<BR /> Wed, 13 Oct 2004 03:44:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/utility-like-pcanywhere/m-p/3397806#M200231 Jim Allan 2004-10-13T03:44:33Z