topic Re: audit user creation/delete in Operating System - HP-UX

audit user creation/delete

Titania — Thu, 26 Jul 2007 06:11:14 GMT

Hello

I would like to know how to audit events like user creation/deletion/passwd modification etc, can be this done through SAM?

Re: audit user creation/delete

Ralf Seefeldt — Fri, 27 Jul 2007 01:11:16 GMT

Hi Titania,

SAM logs its actions in /var/sam/log/samlog.
There you should be able to find, what you are logging for. You may access the logfile by SAM
| Options | view SAM log or be texteditor.

To figure out, who performed any action, most of which nmay require root-permissions, you have to look at the information, stored in /etc/wtemp . You may access these with command "last" or, getting some additional information, by executing:
#cat /etc/wtmp | /usr/lib/acct/fwtmp | \ #tail -1000 > /etc/wtmp.txt #vi + /etc/wtmp.txt

Bye
Ralf

Re: audit user creation/delete

Steve Steel — Fri, 27 Jul 2007 02:23:13 GMT

Hi

http://docs.hp.com/en/5991-8678/ch06s03.html

Gives you the basics of real auditing

Steve Steel