HPE Community
Operating System - HP-UX
1752557 Members
4509 Online
108788 Solutions
New Discussion юеВ

Re: Auditing under basic HP-UX 11i

 
Raul Aviles
Occasional Advisor

тАО12-01-2003 05:22 AM

тАО12-01-2003 05:22 AM

Auditing under basic HP-UX 11i

Hi, I have installed HP-UX 11i under a Rp8400 server. We need to enable somo kind of auditing information like:

1) From which desktop a user run command
We would like to have special control of some commands and some user accounts

2) Date & Time of logon / logoff

3) Changes applied to system.
Change to kernel parameters
Bundle applied to system

4) File control. We need to know who and when a file was created, deleted, renamed, property changes, etc.

Do I need to configure HPUX as a trusted system?

Thanks in advance
0 Kudos
Reply
5 REPLIES 5
Helen French
Honored Contributor

тАО12-01-2003 06:08 AM

тАО12-01-2003 06:08 AM

Re: Auditing under basic HP-UX 11i

For system accounting purposes, you need to enable accout services on the system (man acct). Enabling trusted mode on systems will add more security to your server and you will have more control over system/user processes.

1) who -u ( will give you that information; man who for details)
2) last (will give you logon/logoff details)
3) kmtune (for kernel param) and swlist (for patches)
4) Enabling accounting can give you these information in detail.
Life is a promise, fulfill it!
0 Kudos
Reply
Raul Aviles
Occasional Advisor

тАО12-01-2003 07:56 AM

тАО12-01-2003 07:56 AM

Re: Auditing under basic HP-UX 11i

Hi, I tried to run the ACCT command with root but I receive a permission error.
Is this a HP command?
Or it is a library that can be called from a process?

Also, I was checking the "who" and "last" command, and I can see only information about accounts , as for example logon and logoff time, ip-address.
But I also need to know who did something in the system. For example :
- Who run a specific command
- Who deleted a file
- Who changed a kernel parameter
and so on.

How can i do this?

Thanks in advance
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

тАО12-01-2003 08:41 AM

тАО12-01-2003 08:41 AM

Re: Auditing under basic HP-UX 11i

I have mentioned this in other discussions as well, but I found that a really great auditing tool is one called Powerbroker by a company called Symark (www.symark.com).
For items 2,3, and 4 in your question, I would suggest IDS/9000. It allows you to monitor changes in the system, changes to certain files that you define, date/time a person logged on/off, and much much more. You can find documentation on it at: http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=J5083-90007&service=hpux&path=00/00/1&title=HP%20Intrusion%20Detection%20System/9000%20Administrator%27s%20Guide%20-%20for%20versions%202.0%20and%202.1

I use IDS/9000 and if configured properly, it can serve as a great auditing tool.

-Hazem
Sr. Unix Admin
0 Kudos
Reply
Raul Aviles
Occasional Advisor

тАО12-01-2003 08:44 AM

тАО12-01-2003 08:44 AM

Re: Auditing under basic HP-UX 11i

Hi,
But if I enable trusted system I can get the same information?

Regards
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

тАО12-01-2003 10:22 AM

тАО12-01-2003 10:22 AM

Re: Auditing under basic HP-UX 11i

You probably can. You can definitely perform auditing under a Trusted system as well as date/time logon/logoff. You can also control access from specific terminals.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.