- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: How to check what did the user do in HP-UX 11i...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:04 AM
тАО10-06-2009 11:04 AM
We are some HP-UX rp box running HP-UX 11i v1. I'm the root user.
For user management and check what did the user do, can I get a command to check which user have ran which commands? For example: I want to list all the commands that user user_a has run just now. Like in root, the "history" command.
Thanks, Any answers will be very appreciate.
-G
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:12 AM
тАО10-06-2009 11:12 AM
SolutionThere is no facility in HP UX to see what other do exactly, but there is some limited thing like :
whodo
a description of who is doing what
on your system.
and if you are root su - user_a and can check
more /home/user_a/.sh_history
but no timestamp there ..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:14 AM
тАО10-06-2009 11:14 AM
Re: How to check what did the user do in HP-UX 11i v1
If you need to do auditing to this level, there is a commercial product called PowerBroker that accomplishes this.
http://www.beyondtrust.com/products/pboverview.asp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:21 AM
тАО10-06-2009 11:21 AM
Re: How to check what did the user do in HP-UX 11i v1
I know the command "whodo", it only get very less info. But .sh_history is the one that I'm looking for except on timestamp. But it's okay now, I could guess.
Thanks a lot.
Have a good day.
-G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:28 AM
тАО10-06-2009 11:28 AM
Re: How to check what did the user do in HP-UX 11i v1
Thanks for you answers.
In root, I just know to run command # history and # history -100.
How to get the info of 2 sec ago, 2min ago, 2hours ago ...
2. How to get other user's info like 2 min ago, 2 hour ago as root user?
-G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:30 AM
тАО10-06-2009 11:30 AM
Re: How to check what did the user do in HP-UX 11i v1
on second though, check if you have bash shell:
bash
you can do a trick to have history file with timestamp :
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1375354
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:50 AM
тАО10-06-2009 11:50 AM
Re: How to check what did the user do in HP-UX 11i v1
Before enabling the audit sub-system, you should set up a place for the audit logs. The default location for them is on the root LV, which is a very bad choice: the audit log can grow with no limit and once it fills the root filesystem, no one can log in anymore. You must then crash the system, boot it to single-user mode and clear up the mess. This happens to quite a few people when testing the audit sub-system for the first time.
Configure the audit log destination so that it is on a non-root disk *before* enabling auditing, and monitor the accumulation rate of the audit logs. Trust me on this.
For auditing just "who ran what when", you'll need to pick an audit event category that logs the exec() family of system calls and not much else. By a quick look through "man audevent", this would probably be the "process" category.
Warning: if you choose log the events in categories "open" and/or "create", you are likely to get *much* more log output than you expect. Even the execution of a single command will cause many files to be opened for reading. If you enable these log categories, the amount of work the system needs to do for logging may take a non-negligible chunk of the system's capacity for actual useful work.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 11:55 AM
тАО10-06-2009 11:55 AM
Re: How to check what did the user do in HP-UX 11i v1
With the history file in HP-UX there is NO WAY TO KNOW when a command is from. It could be from any time, 2 minutes ago or 2 years ago, and you would NEVER know the difference.
You can look at the "history" file with cat, more or vi. The name of the file is defined in your .profile via the HISTFILE environment variable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 12:09 PM
тАО10-06-2009 12:09 PM
Re: How to check what did the user do in HP-UX 11i v1
Thanks for your detail explanation above. Most our HP-UX system are C2-level Trusted System, so I will give it a try.
Thanks
-Gary
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 12:12 PM
тАО10-06-2009 12:12 PM
Re: How to check what did the user do in HP-UX 11i v1
I have got how to check history file for everyone through .sh_history file.
Thank Patrick.
-Gary