How one will come to know what commands he/she executed on the system after switching to root.
SOLVED
04-01-2013 02:21 AM
Hi,
The history option is enabled in the user profile, but when we switch user to root (su - root), how will one come to know what commands he/she executed on the system? Please see below the history of commands for, e.g., user nuttekar. But as you can see, once (su - root) is executed, no further commands are recorded in history for that user.
ll -lrt
date
exit
cat .sh_history
su - root
testdr1:/home/nuttekar#
Let me explain: our requirement came from the auditors. We are a total of 5 system administrators managing all the HP-UX servers. Direct root login is disabled on the server. We log in with our individual Unix IDs and then use (su - root) for root access. We are capturing su logs for individual users who logged in as (su - root), as below:
***** list of switch user (su) on testdr1 ***** Date : 2013/03/24
SU 03/24 11:09 + 2 nuttekar-root
SU 03/24 11:41 + 3 nuttekar-root
But the auditors are asking whether it is possible to know, once an individual user has logged in as (su - root), what commands he/she executed on the system.
Or is there any other solution from which we can come to know the commands executed by that particular individual user after switching with (su - root) on the system?
Thanks,
Narendra
04-01-2013 11:58 AM
Re: How one will come to know what commands he/she executed on the system after switching to root.
Once a regular user uses 'su - root' to become root, all commands run then get recorded in the command history for the root user. The user is no longer running anything under their own user ID; everything is now running as root.
You might be able to do something with a custom HISTFILE based on the original user name. For example, adding the following to root's .profile:
export HISTFILE=$(who am i | awk '{print $1}')-history
may generate a history file with the original user's name prepended. I haven't tested this, so I'm not sure it will work. The other thing is that there are NOT any time stamps in the command history.
You have to remember that the command history / command recall functions were designed as a convenience for the system administrator so that commands can be recalled easily. These functions were NEVER designed to function as any sort of auditing facility.
If you need full command history, with time stamps, you might consider a commercial product like Power Broker.
You could have some of the logging capabilities by using sudo, BUT all users MUST then use sudo exclusively for the commands to get logged. If you do something like 'sudo su - root' to become root, then you run into the same thing where commands run as root are NOT logged.
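Added example, not part of the original reply or tested on HP-UX by its author: a fragment for root's .profile that expands the per-user HISTFILE idea above by resolving the original login name, rejecting unusable names, and writing to an absolute path. The directory /var/adm/roothist and the function names orig_login and root_histfile are assumptions made for this sketch.

```shell
# Fragment for root's .profile (added example).
# Assumption: HIST_DIR exists, is owned by root and has mode 700.
HIST_DIR=${HIST_DIR:-/var/adm/roothist}

# Print the login name that owns the terminal, i.e. the admin who ran su.
# An explicit argument overrides detection (useful for testing).
orig_login() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    # 'who am i' reports the terminal's login record, not the effective uid.
    name=$(who am i 2>/dev/null | awk '{print $1}')
    # Fall back to logname when there is no usable utmp entry.
    [ -n "$name" ] || name=$(logname 2>/dev/null) || name=
    printf '%s\n' "$name"
}

# Print an absolute per-admin history path; fail if the name is unusable.
root_histfile() {
    name=$(orig_login "$1")
    case $name in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;  # empty, leading dot, or odd characters
    esac
    printf '%s/%s-history\n' "$HIST_DIR" "$name"
}

# Switch HISTFILE only when a name was resolved; otherwise keep the default.
# root can still edit or delete this file, so it aids attribution only.
if histfile=$(root_histfile); then
    HISTFILE=$histfile
    export HISTFILE
fi
```

An absolute path keeps the file from being created in whatever directory the shell happens to start in, which is what the bare relative name would do.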