HPE Community
Operating System - HP-UX
1752815 Members
6060 Online
108789 Solutions
New Discussion юеВ

Re: Disabling the SAM's GUI

 
Aldis Black
Advisor

тАО10-22-2010 03:16 AM

тАО10-22-2010 03:16 AM

Disabling the SAM's GUI

Hi All, I recently implemented the keystroke logging for root auditing but I am unable to log the activities in SAM when initiated via dtterm as it starts as GUI. Is it possible to disable the GUI version of sam so all the activities could be logged as in text version?
0 Kudos
Reply
4 REPLIES 4
Pete Randall
Outstanding Contributor

тАО10-22-2010 04:12 AM

тАО10-22-2010 04:12 AM

Re: Disabling the SAM's GUI

Sure, simply "unset $DISPLAY" prior to invoking SAM. You could do this in a small script aliased to sam so it would be automatic. If the script were clever enough it would save the contents of $DISPLAY before unsetting, then restore DISPLAY after running SAM.


Pete

Pete
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО10-22-2010 04:14 AM

тАО10-22-2010 04:14 AM

Re: Disabling the SAM's GUI

However, I'm still not sure that you will be able to intercept and log all the SAM keystrokes because you will still be in a menuing environment. Try it and see, I guess.


Pete

Pete
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО10-22-2010 06:04 AM

тАО10-22-2010 06:04 AM

Re: Disabling the SAM's GUI

> [...] simply "unset $DISPLAY" [...]

Uh, "unset DISPLAY", perhaps?

> [...] If the script were clever enough it
> would save the contents of $DISPLAY before
> unsetting, then restore DISPLAY after
> running SAM.

Or, even more clever, don't bother. Setting
the environment inside a shell script has
little effect when that script exits.

> [...] script aliased to sam [...]

Or, aliased to something like "sam", but not
"sam", leaving it no harder to get to the
normal SAM.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО10-22-2010 07:27 AM

тАО10-22-2010 07:27 AM

Re: Disabling the SAM's GUI

I doubt if keystroke logging makes any sense with sam, because you will see a lot of up and down and return keystrokes only.

How about having a look into SAMs log files or syslog?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.