- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Auditing under basic HP-UX 11i
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 05:22 AM
тАО12-01-2003 05:22 AM
Auditing under basic HP-UX 11i
1) From which desktop a user run command
We would like to have special control of some commands and some user accounts
2) Date & Time of logon / logoff
3) Changes applied to system.
Change to kernel parameters
Bundle applied to system
4) File control. We need to know who and when a file was created, deleted, renamed, property changes, etc.
Do I need to configure HPUX as a trusted system?
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 06:08 AM
тАО12-01-2003 06:08 AM
Re: Auditing under basic HP-UX 11i
1) who -u ( will give you that information; man who for details)
2) last (will give you logon/logoff details)
3) kmtune (for kernel param) and swlist (for patches)
4) Enabling accounting can give you these information in detail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 07:56 AM
тАО12-01-2003 07:56 AM
Re: Auditing under basic HP-UX 11i
Is this a HP command?
Or it is a library that can be called from a process?
Also, I was checking the "who" and "last" command, and I can see only information about accounts , as for example logon and logoff time, ip-address.
But I also need to know who did something in the system. For example :
- Who run a specific command
- Who deleted a file
- Who changed a kernel parameter
and so on.
How can i do this?
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 08:41 AM
тАО12-01-2003 08:41 AM
Re: Auditing under basic HP-UX 11i
For items 2,3, and 4 in your question, I would suggest IDS/9000. It allows you to monitor changes in the system, changes to certain files that you define, date/time a person logged on/off, and much much more. You can find documentation on it at: http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=J5083-90007&service=hpux&path=00/00/1&title=HP%20Intrusion%20Detection%20System/9000%20Administrator%27s%20Guide%20-%20for%20versions%202.0%20and%202.1
I use IDS/9000 and if configured properly, it can serve as a great auditing tool.
-Hazem
Sr. Unix Admin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 08:44 AM
тАО12-01-2003 08:44 AM
Re: Auditing under basic HP-UX 11i
But if I enable trusted system I can get the same information?
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-01-2003 10:22 AM
тАО12-01-2003 10:22 AM