topic Re: Accessing Root Previlage in Operating System - HP-UX

Accessing Root Previlage

susee_sundar — Fri, 14 Jul 2006 05:52:19 GMT

Hi..

Somebody in my network is trying to acess the Root previlage....
How can I find that from which Client he is trying to access.

Re: Accessing Root Previlage

MarkSyder — Fri, 14 Jul 2006 05:57:48 GMT

Assuming he's unsuccessful, his attempts will be written to btmp along with the ip address of the computer he's trying to access from:

/usr/sbin/acct/fwtmp < /var/adm/btmp

Mark Syder (like the drink but spelt different)

Re: Accessing Root Previlage

rariasn — Fri, 14 Jul 2006 05:58:13 GMT

HI,

hpux:

# lastb

# last

The lastb command searches backwards through the database file /var/adm/btmp to display bad login information. Access to
/var/adm/btmp should be restricted to users with appropriate privileges (owned by and readable only by root) because it may contain
password information.

# man last

rgs,

ran

Re: Accessing Root Previlage

Steven E. Protter — Fri, 14 Jul 2006 06:56:45 GMT

Shalom,

lastb -R

Displays the IP address of the bad root login.

That should enable you to get the exact person or at least workstation trying to violate security.

SEP

Re: Accessing Root Previlage

susee_sundar — Fri, 14 Jul 2006 07:03:41 GMT

Thanks a lot to all ... I find the Solution from the last reply...