- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: How to find out who unconvert the system?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2002 08:20 AM
тАО11-12-2002 08:20 AM
I trusted the system before. However, today I found the system was untrusted.... because somehow reasons, I couldn't find relevant message from the syslog.log file. Instead, I found out from the samlog as follows:
Entering Task Manager with task TS_CONVERT_TO_NONTRUSTED.
@!@8@1026231267@0
Performing task "Convert to Non-Trusted System": converting back to a non-tr
usted system
@!@8@1026231267@0
Please correct me if I am wrong:
1. I found out the message above, and tracked the date and time..
2. Used the last command to find out who logged in that date at that time...
3. Then that's the person who did it...
Thanks,
Crystal
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2002 08:29 AM
тАО11-12-2002 08:29 AM
SolutionI would also check and see if anyone logged in, did an 'su -' and query that person. Does anyone else have the root passwd? If so, I would also change the root passwd and see who complains.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2002 08:31 AM
тАО11-12-2002 08:31 AM
Re: How to find out who unconvert the system?
Darrell
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2002 09:10 AM
тАО11-12-2002 09:10 AM
Re: How to find out who unconvert the system?
HTH
Marty
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2002 03:23 PM
тАО11-12-2002 03:23 PM
Re: How to find out who unconvert the system?
Also look at implementing 'sudo'. This will assist you in giving only certain commands to different users where possible. The other guys have assisted you in tracking down the culprit(s). You might look at who *really* needs shell access and who does not, as well setting up restricted shells.
Here's the link for 'sudo'
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2002 09:36 AM
тАО11-13-2002 09:36 AM
Re: How to find out who unconvert the system?
and a who -a /etc/wtmp
might give you a clue who the
culprit was.
If you have accounting turned
/usr/sbin/acctcom
(man acctcom)
will give you information on
tty ports, time stamps of who was logged in. Cross Referencing this information with who -a /etc/wtmp should help you find the person/s.
If you do have accounting on, and the problem happened several days befor you might have to recover pacct files to search.
Good Luck