topic Re: Server root access issue in Operating System - HP-UX

Server root access issue

bhupals — Sat, 08 Apr 2006 20:46:28 GMT

Hi,
In my origination there is three system admin and every one has root password, I want to know that how many times they are accessing the system and what commands they are running on system becz the server is very critical. How can we track it ???

Please help me if possible......

Thanks

Bhupal Singh

Re: Server root access issue

Steven E. Protter — Sun, 09 Apr 2006 01:16:51 GMT

Shalom Bhupal,

Few ideas:

1) User is forced to log on as him/her self and then su - root. The logging is done to a different file based on who am i output

# in profile
H1=$(who am i | awk '{print $1}')
HISTFILE=".sh_history${H1}"

This gives a different file depending on what the originating user is.

To make this work, you MUST disable direct root login.

2) Several user id's with id zero that have their own home directories and HISTFILE (s).
This is a security problem and even though we do it where I work,I'd go for option 1.

SEP

Re: Server root access issue

Darrel Louis — Sun, 09 Apr 2006 03:28:08 GMT

Hi,

There is no need for them to know the root password. If you implement sudo they can become root and perform there work.
When implementing sudo you also need to modify the /etc/profile so that you can keep track of what they are doing.
if [ `whoami` = "root" ]
then
export HISTFILE=~/.hist.sa.`logname`
else
export HISTFILE=~/.hist.`logname`
fi
But keep in mind that the history file isn't keeping track of when a command was executed.

GoodLuck

Darrel