11-22-2009 11:09 PM
Syslog edition
Please help me, I am in trouble.
11-22-2009 11:23 PM
Re: Syslog edition
Please help me, I am in trouble.<<<
Yes, it's possible.
I will assume a person who has "root" access or a privileged user can only edit the syslog.log
if syslog carries proper file permissions as shown below:
-rw-r--r-- 1 root root 846035 Nov 23 15:09 /var/adm/syslog/syslog.log
How to check?
If auditing has been enabled you can check; if not:
last -R root |more -> look for the IP address and the time when the syslog.log was edited. May give you a clue :)
Hope This helps,
Regards,
Johnson
11-22-2009 11:26 PM
Re: Syslog edition
Now if you want to find which user logged in as root [ if you don give root passwd ]
then you may have to use some other s/w like PowerBroker etc.
BR,
Kapil+
11-22-2009 11:32 PM
Re: Syslog edition
11-22-2009 11:46 PM
Re: Syslog edition
For the future you can use the 'script' command in the profile file [ to capture everything a user does ] and then save it somewhere for your reference.
For the time being I think it's not possible to tell who edited it.
BR,
Kapil+
11-23-2009 12:47 AM
Re: Syslog edition
The best way to find who accessed this file is to use either a script with a cron job OR install HIDS software from HP. The second way is great of course. Go to this link to see the first method:
http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1377980
If you prefer the second method:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-HIDS
It is up to you.
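A sketch of the cron-script approach mentioned in the post above, added here as an example (it is not taken from this thread or from the linked ITRC post): syslog.log is append-only, so any change to lines that were already seen on the previous run means the file was edited. The function names and the state-file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect in-place edits to an append-only log between cron runs.
# check_log LOGFILE STATEFILE  prints one of: BASELINE OK MODIFIED TRUNCATED
# cksum (a CRC) is used because it is POSIX; use a cryptographic hash if one is installed.

# Print "<N> <checksum of the first N lines>" for a file.
fingerprint() {
    sum=$(head -n "$2" "$1" | cksum | awk '{print $1}')
    echo "$2 $sum"
}

check_log() {
    log=$1
    state=$2
    cur_lines=$(wc -l < "$log" | tr -d ' ')
    if [ ! -f "$state" ]; then
        # First run: nothing to compare against yet.
        fingerprint "$log" "$cur_lines" > "$state"
        echo BASELINE
        return 0
    fi
    read -r old_lines old_sum < "$state"
    if [ "$cur_lines" -lt "$old_lines" ]; then
        # Fewer lines than last time: lines were deleted, or the log was rotated.
        result=TRUNCATED
    else
        # Re-checksum only the lines that existed at the previous run.
        set -- $(fingerprint "$log" "$old_lines")
        if [ "$2" = "$old_sum" ]; then result=OK; else result=MODIFIED; fi
    fi
    fingerprint "$log" "$cur_lines" > "$state"   # re-baseline for the next run
    echo "$result"
}

# Cron entry point: acts only when a log path is given as the first argument.
# The default state-file path below is hypothetical.
if [ $# -ge 1 ]; then
    status=$(check_log "$1" "${2:-/var/adm/syslog/.syslog.fp}")
    case $status in
        OK|BASELINE) ;;
        *) logger -p auth.alert "syslog integrity: $1 is $status" ;;
    esac
fi
```

This narrows down when an edit happened (between two cron runs), not who made it. A root user can also rewrite the state file, so keep it, or a forwarded copy of the log, on another host.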
11-23-2009 08:45 AM
Re: Syslog edition
last -R only shows logins and logouts. A root user may login and edit every file in the system. You can see these commands that were executed in the root user $HOME directory in the file .sh_history. If that file is not present, then there are no records of what root did when logged in. The .sh_history file is an absolute requirement (for all users) in a secure system.
But giving the root password to anyone is always a security risk. The better choice is to use sudo (download from HP) and set rules for each user's capabilities.
Bill Hassell, sysadmin