HPE Community
Operating System - HP-UX
1753408 Members
6981 Online
108793 Solutions
New Discussion юеВ

Re: Users Audit on HPUX

 
SOLVED
Go to solution
Nappy_1
Frequent Advisor

тАО05-11-2010 07:22 AM

тАО05-11-2010 07:22 AM

Users Audit on HPUX

Is there a way or a tool on hpux to find the commands that has been entered by a specific user
0 Kudos
Reply
6 REPLIES 6
R.O.
Esteemed Contributor

тАО05-11-2010 07:29 AM

тАО05-11-2010 07:29 AM

Solution

Re: Users Audit on HPUX

Hi,

You can to setup the history file. Take a look a this thread:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1423572

Regards,
"When you look into an abyss, the abyss also looks into you"
Reply
Pete Randall
Outstanding Contributor

тАО05-11-2010 07:45 AM

тАО05-11-2010 07:45 AM

Re: Users Audit on HPUX

The history file is the quick and simple way to get some idea, but is hardly ideal - in particular because the user can edit the file themselves. For a comprehensive solution you would need to turn on auditing, which requires your system to be trusted. I think both can be done through SAM - you might want to take a look at that.


Pete

Pete
Reply
Ron Freund
Occasional Advisor

тАО05-11-2010 09:38 PM

тАО05-11-2010 09:38 PM

Re: Users Audit on HPUX

Shell history is logical. But if you're watching for nefarious activity, may I suggest the Host Intrusion Detection System available from https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-HIDS

Get release 4.3, study the manual and learn its capabilities. The agent can alarm a central system when privs are elevated, when certain files are accessed, filters can be setup. Very useful, very powerful (imo).
R
Reply
Jeeshan
Honored Contributor

тАО05-11-2010 09:48 PM

тАО05-11-2010 09:48 PM

Re: Users Audit on HPUX

Hi

Modify /etc/profile, and add,

DATE=`date +%d_%b_%o_%a_%R:%S`
DEST=`hostname`
ORI=`who -R am i | awk '{print $6}' | cut -c2- | cut -f1 -d ')'`
mkdir -p $HOME/.historicos
HISTFILE=$HOME/.historicos/$DATE.$DEST.$ORI.$LOGNAME.txt
export HISTFILE
HISTSIZE=16384
export HISTSIZE

This will create a file in every user's directory. you can check which user's putted which commands in addition with some info.
a warrior never quits
Reply
S.N.S
Valued Contributor

тАО05-12-2010 01:43 AM

тАО05-12-2010 01:43 AM

Re: Users Audit on HPUX

Hi,

As Pete mentioned, the user can makes changes.

Also, when System is made trusted - the audit logs grow large very soon - take care of that.

However, looking forward, you might need to use Bastille:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1061420

HTH
SNS
"Genius is 1% inspiration, 99% Perspiration" - Edison
Reply
Suraj K Sankari
Honored Contributor

тАО05-12-2010 02:43 AM

тАО05-12-2010 02:43 AM

Re: Users Audit on HPUX

Hi,

Check the user's .sh_history file.
but this file can be edited by the user
for proper solution you need to enable auditing.

Suraj
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.