HPE Community
Operating System - HP-UX
1753975 Members
7387 Online
108811 Solutions
New Discussion юеВ

System command Logging

 
SOLVED
Go to solution
Gene Laoyan
Super Advisor

тАО09-20-2006 04:06 AM

тАО09-20-2006 04:06 AM

System command Logging

Is it possible to log the commands a user types in at either the console or a telnet session? I ask because I want to see if someone, or hell maybe even me, issued an hpvmstop command to shut off our virtual machines. I came in today and they were all stopped.
Is this possible?

Also, how can I get the "Uptime" of the HP-UX server just in case it ASR'd? OS is HP-UX 11i v2 on an rx2620.
0 Kudos
5 REPLIES 5
mobidyc
Trusted Contributor

тАО09-20-2006 04:22 AM

тАО09-20-2006 04:22 AM

Re: System command Logging

Hello,

i think you can use script(1) for record a session user, you could put it in the user profile for automatic launch (never tested).

good luck
Best regards, Cedrick Gaillard
0 Kudos
Jaime Bolanos Rojas.
Honored Contributor

тАО09-20-2006 04:23 AM

тАО09-20-2006 04:23 AM

Re: System command Logging

Gene,

I would check the history file to see if the command is listed there. It won't tell you who did it, but we asume it was somebody with root privileges.

Also if you need to track those type of things down, I would convert to a trusted system or install sudo in the machine, to give priviledges to what users can execute or even check what user what the one that exected a certain command in the future.

Regards,

Jaime.
Work hard when the need comes out.
0 Kudos
spex
Honored Contributor

тАО09-20-2006 04:25 AM

тАО09-20-2006 04:25 AM

Solution

Re: System command Logging

Hi Gene,

1. The 'history' built-in will show you the last 15 commands. This command history is stored in $HISTFILE, which is set to ~/.sh_history, by default. As long as $HISTFILE is set, and $HISTSIZE is not 0, command history will be recorded.

2. # uptime

PCS
0 Kudos
Mel Burslan
Honored Contributor

тАО09-20-2006 04:42 AM

тАО09-20-2006 04:42 AM

Re: System command Logging

script solution can easily be circumvented by writing over the log file byu the user issuing the questionable commands. So, even though it is a way, it does not give you the untampered logs you may want to see, right after a suspicious diappearance of a critical file.

check powerbroker from symark (http://symark.com) It has capability of logging commands to a remote server (where you keep eternal users away from). It is not free. Actually it may be quite costly for a casual logging. But at the same time, it gives you the ability to show untampered logs to the Sarbanes-Oxymoron auditors. It makes them so happy, you can not imagine :)
________________________________
UNIX because I majored in cryptology...
0 Kudos
Gene Laoyan
Super Advisor

тАО09-20-2006 04:47 AM

тАО09-20-2006 04:47 AM

Re: System command Logging

Thanks everyone!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.