HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Community
System Administration
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password Change Recorded? Audit Records/elsewhere

 
johnnymac_1
johnnymac_1
Advisor

‎01-19-2011 02:49 PM

‎01-19-2011 02:49 PM

Password Change Recorded? Audit Records/elsewhere

If a user changes his password is this recorded in the security audits? If yes what "event" or "system call" would trigger this to be recorded?
Is there another file I should be reviewing, maybe the
# /usr/lbin/getprpw userid
0 Kudos
Reply
4 REPLIES
Anshumali
Anshumali
Esteemed Contributor

‎01-19-2011 09:52 PM

‎01-19-2011 09:52 PM

Re: Password Change Recorded? Audit Records/elsewhere

/usr/lbin/getprpw userid should give you the last password change in spwchg field.

Cheers!
Anshu
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
Reply
Manix
Manix
Honored Contributor

‎01-20-2011 02:03 AM

‎01-20-2011 02:03 AM

Re: Password Change Recorded? Audit Records/elsewhere

if you need to keep all these logs ..better to go for auditing after converting your machine to trusted one.

read this document about "trusted systems"

& looks at enabling auditing on HP-UX machines

http://docstore.mik.ua/manuals/hp-ux/en/5992-3387/ch10s02.html#v817608
HP-UX been always lovable - Mani Kalra
0 Kudos
Reply
Manix
Manix
Honored Contributor

‎01-20-2011 02:10 AM

‎01-20-2011 02:10 AM

Re: Password Change Recorded? Audit Records/elsewhere

In order to enable auditing on those systems you need to be in trusted mode.

1. Convert the system to trusted mode (in sam)
2. Sam -> auditing

SAM -> Auditing and Security -> Any of Auditing events, users or system calls option and you will see on the top Auditing Turned : OFF or a ON depending on the status.
You can enable from Actions - TURN AUDITING ON

Also you need to select which events, users and system calls you want to get audited and make sure you have enough space in the selected audit log directory or filesystem.
HP-UX been always lovable - Mani Kalra
0 Kudos
Reply
Ismail Azad
Ismail Azad
Esteemed Contributor

‎01-20-2011 02:50 AM

‎01-20-2011 02:50 AM

Re: Password Change Recorded? Audit Records/elsewhere

Hi,

The system call you are looking for is probably getevent(2) as it captures events and system calls that are being audited. However, it is at the verge of obsolescense. All of this depends on a lot of things. Auditing can be configured by enabling trusted system and also with the SMSE database.

Check man 2 getevent!

Regards
Ismail Azad
Read, read and read... Then read again until you read "between the lines".....
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.