05-27-2009 05:18 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
When do we have to run your script?
Do we have to configure this in crontab?
What is the time interval?
Please explain.
05-27-2009 05:22 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
But the problem is how to know which commands have been executed by which users?
How to find out which users entered these commands?
05-27-2009 05:39 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
Check the sulog file to know who has done an su login to root.
Regards
Sunny
05-27-2009 05:53 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
> When we have to run your script?
Just run the script in the background. Unless you or another root kills the process, it will run in the background and check the sulog file.
> How to find that these commands are entered by what users?
Searched some. I knew it's not supposed to give user id 0 to users for being root, but HP wrote:
http://docs.hp.com/en/5992-3387/ch02s11.html
If users switch to root, you can keep a separate history file according to IP; here is an example:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1220391
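
The sulog check discussed in the replies above, as an added example that is not part of any post in this thread: POSIX shell functions that report su-to-root entries appended to sulog since the previous run, and flag a log that has become shorter. The sulog line layout, the state file, the sample entries and the paths in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed sulog line layout:
#   SU MM/DD HH:MM +|- tty fromuser-touser      (+ = success, - = failure)

# Print one line per su attempt targeting root, skipping the first $2 lines.
su_root_events() {
    awk -v skip="${2:-0}" 'NR > skip && $1 == "SU" && $6 ~ /-root$/ {
        from = substr($6, 1, length($6) - 5)    # drop the "-root" suffix
        print $2, $3, ($4 == "+" ? "OK" : "FAILED"), from, $5
    }' "$1"
}

# Report only entries added since the previous run. The number of lines
# already seen is kept in state file $2 (hypothetical path, caller's choice).
new_su_root_events() {
    log=$1; state=$2; seen=0
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    total=$(wc -l < "$log" | tr -d ' ')
    if [ "$total" -lt "$seen" ]; then
        # A shorter log means it was rotated or edited: say so and rescan.
        echo "WARNING: $log shrank from $seen to $total lines"
        seen=0
    fi
    su_root_events "$log" "$seen"
    echo "$total" > "$state"
}

# Constructed sample entries, written to the file named in $1.
write_sample_sulog() {
    printf '%s\n' \
        'SU 05/27 05:18 + ttyp1 alice-root' \
        'SU 05/27 05:20 - ttyp2 bob-root' \
        'SU 05/27 05:25 + ttyp1 alice-oracle' > "$1"
}

# Demo run on the sample data.
demo_dir=/tmp/sulog_demo.$$
mkdir -p "$demo_dir"
write_sample_sulog "$demo_dir/sulog"
new_su_root_events "$demo_dir/sulog" "$demo_dir/seen"
rm -rf "$demo_dir"

# From cron or a sleep loop (paths and recipient are assumptions):
#   out=$(new_su_root_events /var/adm/sulog /var/adm/sulog.seen)
#   [ -n "$out" ] && echo "$out" | mailx -s "su to root on $(hostname)" root
```

Keeping the state file and the mail destination off the monitored host limits what a user who has already become root can quietly change.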
05-27-2009 05:59 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
Honestly, my approach would be to take the output of the above scripts, condense it down into a daily report, in a file and use this script to deliver it:
http://www.hpux.ws/?p=7
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
05-27-2009 06:11 AM
Re: I want to get a mail whenever a user is using "su -" to get root access.
As you may or may not have realized, auditing root users after they become root is next to impossible with the built-in unix tools. Once they access the root level, they have the keys to the kingdom and they can do whatever they want, delete sh_history files, modify syslog and remove all the traces that they were there as root. So, the solution to your problem is questionable at best, using the tools provided by the OS.
If you are being chased by the auditors, none of the solutions offered will fly in the face of professional auditors like Deloitte, Price-Waterhouse etc. If you are only looking for this as an information only tool, there are several real good suggestions above, but if you are looking into this as an audit tool, I have some bad news for you: You need to spend money! Buy/License PowerBroker for hpux from Symark. Using PowerBroker, you can record every keystroke a user makes on the system where this software is installed and write them to a log on a remote server, even if this user is root. I have used this product while I was contracting at HP and it is great, alas not cheap.
UNIX because I majored in cryptology...