Databases
cancel
Showing results for 
Search instead for 
Did you mean: 

Auditing under basic HP-UX 11i

Raul Aviles
Occasional Advisor

Auditing under basic HP-UX 11i

Hi, I have installed HP-UX 11i under a Rp8400 server. We need to enable somo kind of auditing information like:

1) From which desktop a user run command
We would like to have special control of some commands and some user accounts

2) Date & Time of logon / logoff

3) Changes applied to system.
Change to kernel parameters
Bundle applied to system

4) File control. We need to know who and when a file was created, deleted, renamed, property changes, etc.

Do I need to configure HPUX as a trusted system?

Thanks in advance
5 REPLIES
Helen French
Honored Contributor

Re: Auditing under basic HP-UX 11i

For system accounting purposes, you need to enable accout services on the system (man acct). Enabling trusted mode on systems will add more security to your server and you will have more control over system/user processes.

1) who -u ( will give you that information; man who for details)
2) last (will give you logon/logoff details)
3) kmtune (for kernel param) and swlist (for patches)
4) Enabling accounting can give you these information in detail.
Life is a promise, fulfill it!
Raul Aviles
Occasional Advisor

Re: Auditing under basic HP-UX 11i

Hi, I tried to run the ACCT command with root but I receive a permission error.
Is this a HP command?
Or it is a library that can be called from a process?

Also, I was checking the "who" and "last" command, and I can see only information about accounts , as for example logon and logoff time, ip-address.
But I also need to know who did something in the system. For example :
- Who run a specific command
- Who deleted a file
- Who changed a kernel parameter
and so on.

How can i do this?

Thanks in advance
Hazem Mahmoud_3
Respected Contributor

Re: Auditing under basic HP-UX 11i

I have mentioned this in other discussions as well, but I found that a really great auditing tool is one called Powerbroker by a company called Symark (www.symark.com).
For items 2,3, and 4 in your question, I would suggest IDS/9000. It allows you to monitor changes in the system, changes to certain files that you define, date/time a person logged on/off, and much much more. You can find documentation on it at: http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=J5083-90007&service=hpux&path=00/00/1&title=HP%20Intrusion%20Detection%20System/9000%20Administrator%27s%20Guide%20-%20for%20versions%202.0%20and%202.1

I use IDS/9000 and if configured properly, it can serve as a great auditing tool.

-Hazem
Sr. Unix Admin
Raul Aviles
Occasional Advisor

Re: Auditing under basic HP-UX 11i

Hi,
But if I enable trusted system I can get the same information?

Regards
Hazem Mahmoud_3
Respected Contributor

Re: Auditing under basic HP-UX 11i

You probably can. You can definitely perform auditing under a Trusted system as well as date/time logon/logoff. You can also control access from specific terminals.