
How to capture root activity on HPUX 11.11

CA1452717
Occasional Advisor

How to capture root activity on HPUX 11.11

Hello Genius,

I am a novice in the field of HPUX. Can you please help me to find or configure the system in order to capture each and every move/activity of root or any equivalent user on my HP-UX box.

Many thanks in advance for time and advice.

Regards,
Vaibhav


7 REPLIES
Johnson Punniyalingam
Honored Contributor

Re: How to capture root activity on HPUX 11.11

>>>capture root activity on HPUX 11.11

Best approach would be by enabling (Auditing) in your server,

Check below link,
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1277967664446+28353475&threadId=1331532
Problems are common to all, but attitude makes the difference
CA1452717
Occasional Advisor

Re: How to capture root activity on HPUX 11.11

Many thanks, Johnson. I will try and write back if needed.

Regards,
Vaibhav
Bhadresh
Trusted Contributor

Re: How to capture root activity on HPUX 11.11

Hi Vaibhav,

Enable Audit on your server. Have a look at following thread:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?&threadId=1022171

Regards,
Bhadresh
Deeos
Regular Advisor

Re: How to capture root activity on HPUX 11.11

hi,


you can enable History of your server!



vi /etc/profile

HISTFILE=/.sh_history
exprot HISTFILE
HISTSIZE=100000
export HISTSIZE

or you can add those parameters to root $HOME .profile file!

Deepak
Deeos
Regular Advisor

Re: How to capture root activity on HPUX 11.11

mistake,

export HISTFILE
Deepak
CA1452717
Occasional Advisor

Re: How to capture root activity on HPUX 11.11

Hi Deeos and Bhadresh,

Many thanks for your reply and time. I appreciate it. I shall try your suggestions and let you know the output.

Thanks,

Vaibhav
Hakki Aydin Ucar
Honored Contributor

Re: How to capture root activity on HPUX 11.11

To use audit you need to have a trusted server. You can check it with the command:
ls -l /tcb/files/auth/system/default

If the file
/tcb/files/auth/system/default is available, then it is trusted.
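
An added example, not part of any post in this thread: a POSIX shell check that reports whether the trusted-system file named above exists and whether a profile both assigns and exports HISTFILE and HISTSIZE, so a misspelled `export` line is caught. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: readiness check for the two approaches in this thread.
# Function names and the root-prefix argument are hypothetical.

# Succeeds if the trusted-system file named in the thread exists.
# $1 is an optional root prefix (empty on a live system).
is_trusted() {
    root=${1:-}
    [ -f "$root/tcb/files/auth/system/default" ]
}

# Succeeds if profile $1 assigns variable $2 and exports it.
# Accepts "VAR=value" plus "export VAR", or "export VAR=value".
# Returns 2 if the profile cannot be read.
var_exported() {
    profile=$1 var=$2
    [ -r "$profile" ] || return 2
    awk -v v="$var" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, v "=") == 1 { assigned = 1 }
        index(line, "export " v "=") == 1 { assigned = 1; exported = 1 }
        line ~ /^export[ \t]/ {
            n = split(line, w, /[ \t]+/)
            for (i = 2; i <= n; i++) if (w[i] == v) exported = 1
        }
        END { exit !(assigned && exported) }
    ' "$profile"
}

# Prints one line per check; $1 root prefix, $2 profile path.
report() {
    r=${1:-} p=${2:-/etc/profile}
    if is_trusted "$r"; then echo "trusted mode: yes"
    else echo "trusted mode: no (convert to trusted mode before auditing)"; fi
    for name in HISTFILE HISTSIZE; do
        if var_exported "$p" "$name"; then echo "$name: set and exported"
        else echo "$name: NOT set and exported in $p"; fi
    done
}

# Run the report only when asked, e.g.: sh check.sh report /etc/profile
if [ "${1:-}" = "report" ]; then report "" "${2:-/etc/profile}"; fi
```

Shell history is writable by the user it records, so it serves as a convenience log; the audit subsystem recommended in the earlier replies is the record to rely on for root activity.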