- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Alternative to saving history
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-21-2011 07:40 PM
тАО03-21-2011 07:40 PM
Alternative to saving history
We have a non-root account in which history is disabled. Is there any other way to save commands that get executed through that account.
I dont have root privileges on the system.
Please suggest...
Thanks,
Allan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-21-2011 08:03 PM
тАО03-21-2011 08:03 PM
Re: Alternative to saving history
Hello Allan,
This is perhaps not what you want to hear, and maybe something you do already, but I find it beneficial to just keep a notepad or vi - session open to dump useful commands into.
I create one for most every (sub)project I work on with a collection of 'handy' commands.
They file often also serves me to remember roughly what I have done for a project.
Sometimes those text files also capture a timeline, sometimes they are more or less random/unsorted.
Grep, Perl, ultraedit, crimson or whatever your favorite poison is will readily find back commands as needed.
I find a central, de-coupled file, handy when working with multiple idents, or on multiple systems.
fwiw,
Hein
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-23-2011 07:28 AM
тАО03-23-2011 07:28 AM
Re: Alternative to saving history
#man script
I have used this method: for troubleshooting an unexpected result, to document a process that is likely to be repeated, and even as the starting point to create a shell script (that way you have the tested syntax of the commands in the correct order).
Note: Script does not actually record the keystrokes entered, only their echo back to the screen. For this and other reasons it would not be a good choice if your (unstated) intent is for auditing purposes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-23-2011 07:37 AM
тАО03-23-2011 07:37 AM
Re: Alternative to saving history
You can try turning on logging in the software that you are using to connect to the server to record all of your session as an alternative.
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-23-2011 07:58 AM
тАО03-23-2011 07:58 AM
Re: Alternative to saving history
#vi .profile
export EDITOR=vi
export HISTSIZE= /.sh_history
export HISTSIZE=4000
dont forget to assign points
thanks
abir
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-23-2011 08:46 AM
тАО03-23-2011 08:46 AM
Re: Alternative to saving history
You can set up putty logs to the local pc.
disabling history is a SOX violation and eventually you are going to fail an audit.
Regards,
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-23-2011 08:39 PM
тАО03-23-2011 08:39 PM
Re: Alternative to saving history
Do you have some documentation regarding SOX compliance which mentions Unix history in particular?
Folks I am asking for an alternative to enabling history, I know how to enable history.
Thanks,
Allan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2011 04:11 PM
тАО03-25-2011 04:11 PM
Re: Alternative to saving history
Well without root, you can't turn on auditing.
Is this your account? Otherwise you can't do much with an account you can't login to.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2011 12:33 PM
тАО03-26-2011 12:33 PM
Re: Alternative to saving history
But if you need a command log for security/auditing purposes, one of the obvious requirements is that the user whose actions are being logged must not have write access to the log. To implement this, you may need some help from someone with root privileges.
The utilities "rootsh" and "sudosh" are mostly designed to be used with sudo, but the documentation of sudosh says it can be used as a shell too. Both utilities are similar in principle, but their feature sets are slightly different: they act as a "flight recorder" for a shell session, recording all user-visible input & output in the session.
If you don't have root access, you might have to compile a customized version of rootsh/sudosh; the most important customization would be to point the configuration file location and log destination to someplace that is writable by your non-root account.
http://sourceforge.net/projects/rootsh/files/
http://sourceforge.net/projects/sudosh2/files/
If you cannot change the shell of the non-root account, you would have to start sudosh/rootsh from the user's .profile or equivalent login script.
Both sudosh and rootsh can use syslog for logging: since the standard syslog logfiles are not writeable by regular users, this might be one way to send your command log to a secure location.
If you cannot compile sudosh/rootsh, the HP-UX standard command "script" can provide the "flight recorder" function, although you would have to write a more complicated login script for it to generate a new logfile name for each session. Also, securing the log may be tricky or impossible.
If you need to start your recording tool of choice from a login script, you should be careful: all these commands will start a new shell. If it also runs the login script, you'll end up with infinite recursion: login shell -> recording tool -> shell -> tool -> shell -> tool...
MK