https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553769#M370892 Hi Michael,<BR /><BR />history file was there in the profile of root and even from the normal account, but wonder if someone just su (w/out -) and knows passwd of root, then we cannot ablel to tract down what r the cmds that user's been executed. We're implementing some security root audit from d company. <BR /><BR />Hi Dennis,<BR /><BR />Yeah, but I noticed the env is still somehow strange for the given values and parameters that was set there.<BR /><BR />Is there any possible way that we can still tract who user accnt who su (w/o -) and able to get the history log of it.<BR /> Tue, 22 Dec 2009 08:40:43 GMT shardam 2009-12-22T08:40:43Z https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553766#M370889 Hi Admin,<BR /><BR />How can I check the user's history log who su omitted (-)? The history is not able to capture from root and even user's history log.<BR /><BR />Appreciate your kind response. Tue, 22 Dec 2009 03:59:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553766#M370889 shardam 2009-12-22T03:59:44Z https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553767#M370890 Hmm, I would expect that if you just use "su", your new history will be in the same file as previous, if there was one. Tue, 22 Dec 2009 07:36:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553767#M370890 Dennis Handly 2009-12-22T07:36:15Z https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553768#M370891 Hi<BR /><BR />Sounds like your not set up for the basic history file. For either root or user's .profile and for Korn shell, 'export HISTFILE=.sh_history' should exist. To verify from either, 'env | grep -i his'. Tue, 22 Dec 2009 07:54:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553768#M370891 Michael Steele_2 2009-12-22T07:54:03Z https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553769#M370892 Hi Michael,<BR /><BR />history file was there in the profile of root and even from the normal account, but wonder if someone just su (w/out -) and knows passwd of root, then we cannot ablel to tract down what r the cmds that user's been executed. We're implementing some security root audit from d company. <BR /><BR />Hi Dennis,<BR /><BR />Yeah, but I noticed the env is still somehow strange for the given values and parameters that was set there.<BR /><BR />Is there any possible way that we can still tract who user accnt who su (w/o -) and able to get the history log of it.<BR /> Tue, 22 Dec 2009 08:40:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553769#M370892 shardam 2009-12-22T08:40:43Z https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553770#M370893 &gt;Is there any possible way that we can still tract who user account who su (w/o -) and able to get the history log of it.<BR /><BR />Not by using the shell history mechanism.<BR />You may want to look into sudo or RBAC.<BR />Some other threads:<BR /><A href="http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=649574" target="_blank">http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=649574</A><BR /><A href="http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1357406" target="_blank">http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1357406</A><BR /><A href="http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1342438" target="_blank">http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1342438</A> Tue, 22 Dec 2009 09:43:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/su-without-where-to-check-the-log/m-p/4553770#M370893 Dennis Handly 2009-12-22T09:43:28Z