https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058489#M305643 Peace Steven,<BR /><BR />Actually, my boss' idea was something like this:<BR />If root logs in via console, the keylogger should be executed to record all root's actions (well, enlarging the history file size can do this as well).<BR /><BR />But, whenever a non-root su to root, then it must also be keylogged (only when it acts as root). In other words, bind to its tty. Comparing sulog and the history file can achieve audit to a certain extent, but my boss wants a nicer way to do things.<BR /><BR />Last of all, the logs of the keylogger would then be send regularly to another box.<BR /><BR />Thanks,<BR />=adley= Wed, 22 Aug 2007 20:35:16 GMT Brahnda Eleazar 2007-08-22T20:35:16Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058487#M305641 Peace all,<BR /><BR />Is there any way or a tool in HP-UX (11.11 and 11.23) that can keylog for specific users only? <BR /><BR />Thanks,<BR />=adley= Wed, 22 Aug 2007 08:09:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058487#M305641 Brahnda Eleazar 2007-08-22T08:09:59Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058488#M305642 Shalom,<BR /><BR />Sure, don't set HISTFILE and HISTSIZE in /etc/profile, set it in the users .profile file.<BR /><BR />SEP Wed, 22 Aug 2007 08:19:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058488#M305642 Steven E. Protter 2007-08-22T08:19:24Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058489#M305643 Peace Steven,<BR /><BR />Actually, my boss' idea was something like this:<BR />If root logs in via console, the keylogger should be executed to record all root's actions (well, enlarging the history file size can do this as well).<BR /><BR />But, whenever a non-root su to root, then it must also be keylogged (only when it acts as root). In other words, bind to its tty. Comparing sulog and the history file can achieve audit to a certain extent, but my boss wants a nicer way to do things.<BR /><BR />Last of all, the logs of the keylogger would then be send regularly to another box.<BR /><BR />Thanks,<BR />=adley= Wed, 22 Aug 2007 20:35:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058489#M305643 Brahnda Eleazar 2007-08-22T20:35:16Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058490#M305644 &gt;whenever a non-root su to root, <BR /><BR />I'm sure if you search the forum, there will be suggestions on not allowing this and instead use sudo to do each command, which then can be logged and which commands/users can be tailored. Thu, 23 Aug 2007 04:11:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058490#M305644 Dennis Handly 2007-08-23T04:11:14Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058491#M305645 <BR />Brahnda,<BR /><BR /> Seems your boss is concern on system security.<BR /><BR />check this out on 11.23 HPUX security containment address your boss concern<BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SecurityExt" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SecurityExt</A><BR /><BR /><BR />WK<BR /><BR />please assign points Thu, 23 Aug 2007 11:36:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058491#M305645 whiteknight 2007-08-23T11:36:57Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058492#M305646 <BR />Brahnda,<BR /><BR />Another points.<BR /><BR />Log Consolidation Overview<BR /><A href="http://docs.hp.com/en/T2786-90090/ch03s02.html" target="_blank">http://docs.hp.com/en/T2786-90090/ch03s02.html</A><BR /><BR /><BR />WK<BR />please assign points Thu, 23 Aug 2007 12:18:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058492#M305646 whiteknight 2007-08-23T12:18:43Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058493#M305647 Peace all,<BR /><BR />Sorry for the late reply.<BR />I was sick and just got better.<BR /><BR />Let me look at the links first.<BR /><BR />Thanks,<BR />=adley= Sun, 02 Sep 2007 21:10:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058493#M305647 Brahnda Eleazar 2007-09-02T21:10:38Z https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058494#M305648 There is a commercial product called Power Broker that can do keystroke logging.<BR /><BR />It can also control who has access to root.<BR /><BR />Information on Power Broker available here:<BR /><A href="http://www.symark.com/powerbroker.htm" target="_blank">http://www.symark.com/powerbroker.htm</A> Sun, 02 Sep 2007 21:23:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/keylogger-for-specific-users/m-p/4058494#M305648 Patrick Wallek 2007-09-02T21:23:50Z