https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082630#M440835 Hi Avinash<BR /><BR />Did u convert your system in trusted mode. You can do your queried security concern in trusted system<BR /><BR />- Login Successes and Failures<BR />If trusted you can get message<BR />- Addition / Deletion / Modification of Users<BR />If u use SAM to do so you have sam.log to view<BR />- Changes to Security Settings<BR />its in trusted system<BR />- Changes to Logging and Auditing Settings<BR />you can do also in trusted system<BR />- Service Access Logs e.g. FTP, Telnet, SSH etc<BR />you can view the syslog.log to view such like messages if your syslog process has entry for this services<BR />-Login Control <BR />if your system in trusted mode user can also see the message of successful and unsuccessful logins<BR />Terminal Timeout <BR />for telnet edit file in /etc/default/security<BR />and for other terminal use their individual configuration files Tue, 04 Dec 2007 10:55:35 GMT Jeeshan 2007-12-04T10:55:35Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082626#M440831 Friends,<BR /><BR />I like to have the following to be done on my server:<BR /><BR />Information to be logged<BR />- Login Successes and Failures<BR />- Addition / Deletion / Modification of Users<BR />- Changes to Security Settings<BR />- Changes to Logging and Auditing Settings<BR />- Service Access Logs e.g. FTP, Telnet, SSH etc<BR />Login Control <BR />After successful login, every user must be given information reflecting the last login time, date and details of any unsuccessful login attempts since the last successful login. <BR /><BR />Terminal Timeout <BR />Inactive Terminal Session (Telnet, SSH, tty, vty, sessions) must be set to a timeout of 15 minutes<BR /><BR />any response is highly appreciated Tue, 04 Dec 2007 08:26:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082626#M440831 Avinash20 2007-12-04T08:26:05Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082627#M440832 &gt;&gt;&gt;Login Successes and Failures<BR />It is already logged in wtmp files and you may use "last" command to see when a particular user was logged in.<BR /><BR />&gt;&gt;&gt;Inactive Terminal Session <BR />there is a variable TMOUT you can set it to according to your requiredment.<BR /><BR />&gt;&gt;&gt;Addition / Deletion / Modification of Users<BR />M not sure about any tools but you can write a script which will tell you whenever thers is some modification in /etc/passwd file.<BR /><BR />I suppose you need some tool or you'll have to wrie script for each.<BR />BR,<BR />Kapil<BR /><BR /><BR /> Tue, 04 Dec 2007 09:10:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082627#M440832 Kapil Jha 2007-12-04T09:10:27Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082628#M440833 Any further suggestion will be more helpful Tue, 04 Dec 2007 09:37:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082628#M440833 Avinash20 2007-12-04T09:37:33Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082629#M440834 &gt;Service Access Logs<BR /><BR />for logging FTP logs that is incoming and outgoing FTP file transfers, insert the-i and -o options with the ftp entry in the /etc/inetd.conf file. like this:<BR />ftpd -a -l -d -i -o<BR /><BR />The logs will be saved into /var/adm/syslog/xferlog.<BR /> Tue, 04 Dec 2007 10:16:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082629#M440834 Shrikant Lavhate 2007-12-04T10:16:01Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082630#M440835 Hi Avinash<BR /><BR />Did u convert your system in trusted mode. You can do your queried security concern in trusted system<BR /><BR />- Login Successes and Failures<BR />If trusted you can get message<BR />- Addition / Deletion / Modification of Users<BR />If u use SAM to do so you have sam.log to view<BR />- Changes to Security Settings<BR />its in trusted system<BR />- Changes to Logging and Auditing Settings<BR />you can do also in trusted system<BR />- Service Access Logs e.g. FTP, Telnet, SSH etc<BR />you can view the syslog.log to view such like messages if your syslog process has entry for this services<BR />-Login Control <BR />if your system in trusted mode user can also see the message of successful and unsuccessful logins<BR />Terminal Timeout <BR />for telnet edit file in /etc/default/security<BR />and for other terminal use their individual configuration files Tue, 04 Dec 2007 10:55:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082630#M440835 Jeeshan 2007-12-04T10:55:35Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082631#M440836 Thanks everyone:<BR /><BR /><A href="http://docs.hp.com/en/B2355-90950/ch08.html" target="_blank">http://docs.hp.com/en/B2355-90950/ch08.html</A><BR /><BR />This will help. Wed, 05 Dec 2007 12:31:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082631#M440836 Avinash20 2007-12-05T12:31:34Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082632#M440837 Hello Avinash,<BR /><BR />you can also use SAM's auditing. For system calls and other command. <BR /><BR />sp, Wed, 05 Dec 2007 16:02:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082632#M440837 Sp4admin 2007-12-05T16:02:11Z https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082633#M440838 Above url helped Sat, 29 Mar 2008 05:48:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-concern/m-p/5082633#M440838 Avinash20 2008-03-29T05:48:59Z