cancel
Showing results for 
Search instead for 
Did you mean: 

Auditing and problems

 
Sreejith Kaliyam
Regular Advisor

Auditing and problems

Hi,

We are having issues after enabling the HP-UX auditing. So I would like to know any other third party or HP solution can be implemented to do the same job. I am looking for some kind of centrally managed logging server with detailed user activity report of other HP-UX servers on the network. It should offload the client servers from logging the heavy auditing information. I saw powerbroker as a solution. I am more interested in one from HP if they have one. Please advice. I have only two hp-ux servers (One Rp5430 with hp-ux 11iv1 and one rx2660 with hp-ux 11iv3).

Thanks and regards
Sreejith K
3 REPLIES 3
Prasanth V Aravind
Trusted Contributor

Re: Auditing and problems

powerbroker is good one .. but you have to by license..

you can use command history function for getting user activity... i have impleneted this in my site.. hav a try on your test box if interedted ..



Pre-implementation steps:-
===============================
1. cp /etc/profile /etc/profile.old.bhe




Implementation steps:-
=========================

1. Login to server & run below commands.

cp /etc/profile /etc/profile.old.bhe
mkdir /var/adm/commandlog/
chmod 733 /var/adm/commandlog/

2. vi /etc/profile & remove old history definitions if exists.

3. Add below entry to the last for profile file.

export HISTFILE=/var/adm/commandlog/history_$(uname -n)_$( date +%Y_%b_%d_%H.%M.%S)_$(whoami)_from_$(who am i | awk '{print $1}')_$( who am i -u | awk '{print $8}')
HISTFILESIZE=5000
HISTSIZE=5000
export HISTFILE HISTSIZE HISTFILESIZE


Verification plan:-
============
1. Login to server againg & check can you able to see history file for you new session in /var/adm/commandlog/

Backup plan:-
=====================
cp /etc/profile.old.bhe /etc/profile



ensure that .. histfile deninition ie "HISTFILE=/var/adm/commandlog/history_$(uname -n)_$( date +%Y_%b_%d_%H.%M.%S)_$(whoami)_from_$(who am i | awk '{print $1}')_$( who am i -u | awk '{print $8}')
" comes in single line when you edit profile

:)

Gudluck
Prasanth
Prasanth V Aravind
Trusted Contributor

Re: Auditing and problems

I have heard about rootsh , which is a open tool .. but not sure is it will work on hpux or not ..
S.N.S
Valued Contributor

Re: Auditing and problems

Hi Sreejith,

As mentioned, you may use rootsh for HPUX:

ITRC Forums:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1401143

Read the last post

HTH
SNS
"Genius is 1% inspiration, 99% Perspiration" - Edison