HPE Community
Operating System - HP-UX
1753611 Members
5761 Online
108797 Solutions
New Discussion юеВ

Re: Keylogger for specific users

 
Brahnda Eleazar
Frequent Advisor

тАО08-22-2007 01:09 AM

тАО08-22-2007 01:09 AM

Keylogger for specific users

Peace all,

Is there any way or a tool in HP-UX (11.11 and 11.23) that can keylog for specific users only?

Thanks,
=adley=
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

тАО08-22-2007 01:19 AM

тАО08-22-2007 01:19 AM

Re: Keylogger for specific users

Shalom,

Sure, don't set HISTFILE and HISTSIZE in /etc/profile, set it in the users .profile file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Brahnda Eleazar
Frequent Advisor

тАО08-22-2007 01:35 PM

тАО08-22-2007 01:35 PM

Re: Keylogger for specific users

Peace Steven,

Actually, my boss' idea was something like this:
If root logs in via console, the keylogger should be executed to record all root's actions (well, enlarging the history file size can do this as well).

But, whenever a non-root su to root, then it must also be keylogged (only when it acts as root). In other words, bind to its tty. Comparing sulog and the history file can achieve audit to a certain extent, but my boss wants a nicer way to do things.

Last of all, the logs of the keylogger would then be send regularly to another box.

Thanks,
=adley=
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО08-22-2007 09:11 PM

тАО08-22-2007 09:11 PM

Re: Keylogger for specific users

>whenever a non-root su to root,

I'm sure if you search the forum, there will be suggestions on not allowing this and instead use sudo to do each command, which then can be logged and which commands/users can be tailored.
0 Kudos
Reply
whiteknight
Honored Contributor

тАО08-23-2007 04:36 AM

тАО08-23-2007 04:36 AM

Re: Keylogger for specific users


Brahnda,

Seems your boss is concern on system security.

check this out on 11.23 HPUX security containment address your boss concern

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SecurityExt


WK

please assign points
Problem never ends, you must know how to fix it
0 Kudos
Reply
whiteknight
Honored Contributor

тАО08-23-2007 05:18 AM

тАО08-23-2007 05:18 AM

Re: Keylogger for specific users


Brahnda,

Another points.

Log Consolidation Overview
http://docs.hp.com/en/T2786-90090/ch03s02.html


WK
please assign points
Problem never ends, you must know how to fix it
0 Kudos
Reply
Brahnda Eleazar
Frequent Advisor

тАО09-02-2007 02:10 PM

тАО09-02-2007 02:10 PM

Re: Keylogger for specific users

Peace all,

Sorry for the late reply.
I was sick and just got better.

Let me look at the links first.

Thanks,
=adley=
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО09-02-2007 02:23 PM

тАО09-02-2007 02:23 PM

Re: Keylogger for specific users

There is a commercial product called Power Broker that can do keystroke logging.

It can also control who has access to root.

Information on Power Broker available here:
http://www.symark.com/powerbroker.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.