HPE Community
Operating System - HP-UX
1828646 Members
6545 Online
109983 Solutions
New Discussion

Auditing and problems

 
Sreejith Kaliyam
Regular Advisor

‎05-10-2010 02:13 AM

‎05-10-2010 02:13 AM

Auditing and problems

Hi,

We are having issues after enabling the HP-UX auditing. So I would like to know any other third party or HP solution can be implemented to do the same job. I am looking for some kind of centrally managed logging server with detailed user activity report of other HP-UX servers on the network. It should offload the client servers from logging the heavy auditing information. I saw powerbroker as a solution. I am more interested in one from HP if they have one. Please advice. I have only two hp-ux servers (One Rp5430 with hp-ux 11iv1 and one rx2660 with hp-ux 11iv3).

Thanks and regards
Sreejith K
0 Kudos
Reply
3 REPLIES 3
Prasanth V Aravind
Trusted Contributor

‎05-10-2010 02:22 AM

‎05-10-2010 02:22 AM

Re: Auditing and problems

powerbroker is good one .. but you have to by license..

you can use command history function for getting user activity... i have impleneted this in my site.. hav a try on your test box if interedted ..



Pre-implementation steps:-
===============================
1. cp /etc/profile /etc/profile.old.bhe




Implementation steps:-
=========================

1. Login to server & run below commands.

cp /etc/profile /etc/profile.old.bhe
mkdir /var/adm/commandlog/
chmod 733 /var/adm/commandlog/

2. vi /etc/profile & remove old history definitions if exists.

3. Add below entry to the last for profile file.

export HISTFILE=/var/adm/commandlog/history_$(uname -n)_$( date +%Y_%b_%d_%H.%M.%S)_$(whoami)_from_$(who am i | awk '{print $1}')_$( who am i -u | awk '{print $8}')
HISTFILESIZE=5000
HISTSIZE=5000
export HISTFILE HISTSIZE HISTFILESIZE


Verification plan:-
============
1. Login to server againg & check can you able to see history file for you new session in /var/adm/commandlog/

Backup plan:-
=====================
cp /etc/profile.old.bhe /etc/profile



ensure that .. histfile deninition ie "HISTFILE=/var/adm/commandlog/history_$(uname -n)_$( date +%Y_%b_%d_%H.%M.%S)_$(whoami)_from_$(who am i | awk '{print $1}')_$( who am i -u | awk '{print $8}')
" comes in single line when you edit profile

:)

Gudluck
Prasanth
0 Kudos
Reply
Prasanth V Aravind
Trusted Contributor

‎05-10-2010 02:35 AM

‎05-10-2010 02:35 AM

Re: Auditing and problems

I have heard about rootsh , which is a open tool .. but not sure is it will work on hpux or not ..
0 Kudos
Reply
S.N.S
Valued Contributor

‎05-10-2010 04:50 AM

‎05-10-2010 04:50 AM

Re: Auditing and problems

Hi Sreejith,

As mentioned, you may use rootsh for HPUX:

ITRC Forums:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1401143

Read the last post

HTH
SNS
"Genius is 1% inspiration, 99% Perspiration" - Edison
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.