topic Re: Security Loging capability in Operating System - HP-UX

Security Loging capability

Sanjiv Sharma_1 — Tue, 27 May 2008 12:31:27 GMT

Hi,

Is there any common tool available for HP-UX/Solaris and Linux which can log all the tasks/commands performed by a user from the time he login to the time he logs out?

Thank you,

Re: Security Loging capability

Jeeshan — Tue, 27 May 2008 12:44:32 GMT

Hi Sanjiv

you can use script to log the users activity

#man script

you can apply audit in hp-ux

Re: Security Loging capability

Deepak Kulkarni — Fri, 30 May 2008 09:06:37 GMT

Hi Sanjiv,

Please use script command.

Regards
DK

Re: Security Loging capability

F Verschuren — Fri, 30 May 2008 12:39:18 GMT

the easy way is to captre the .sh file:
for a user that becomes root you can add the next line in the /.profile to sort out who is doing wat...
USERNAME=`/usr/bin/who am i|/usr/bin/awk ' { print $1}'`
if [ ! -z "$USERNAME" ]; then
USERPROFILE=/home/$USERNAME/.profile
HISTFILE=/.sh_history.$USERNAME
if [ -r $USERPROFILE ]; then
. $USERPROFILE
fi
else
# number histfile to keep users apart, remove file on exit
HISTFILE=/.sh_history.$$
trap "echo 'logout root';rm -f $HISTFILE" 0 9
fi
HISTSIZE=8048
export HISTFILE HISTSIZE
date >> /.sh_history.$USERNAME

However this file can be changed by the user it self...

you can alsow use the "Audited Users" I never have used it but you can configered it via sam
Auditing and Security
Audited Users

I was told this is using system resources so do not run it on a high loaded system

Re: Security Loging capability

Rasheed Tamton — Sat, 31 May 2008 08:43:40 GMT

Hi Sanjiv,

script is a simple tool. If you put it in user's .profile (read only) and redirect the output a file which is also read only then all the keystrokes of the user can be logged in the output file

script keys.file

There is a commercial tool called Symark PowerBroker which is capable to log all the keystrokes of the user including root (you can define for it) and can be played back the keys later auditing.

Regards.