HPE Community
Operating System - HP-UX
1751858 Members
5295 Online
108782 Solutions
New Discussion юеВ

Re: find out all user

 
Fred Ruffet
Honored Contributor

тАО02-24-2009 01:54 AM

тАО02-24-2009 01:54 AM

Re: find out all user

Turning system into trusted mode may not be done to fast. It may have side effects that need to be studied.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Reply
prateek_1
Advisor

тАО02-24-2009 01:58 AM

тАО02-24-2009 01:58 AM

Re: find out all user

Thanks ganesan ,now i m able convert the system into trusted mode.

but above command are giving same o/p--

bash-2.05# last -R user1 user2

WTMPS_FILE begins at Thu Jan 29 19:42:29

i need to find out the ip of user and check where and what changes he/she had done.

0 Kudos
Reply
Fred Ruffet
Honored Contributor

тАО02-24-2009 02:04 AM

тАО02-24-2009 02:04 AM

Re: find out all user

The "last" command will only tell you who logged in, from which IP and at which time. But it won't tell you what action has been made. If it's a shell action, you will have information in the .sh_history file of the user (if it exists).

Regards,

Fred


--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Reply
Jeeshan
Honored Contributor

тАО02-24-2009 02:05 AM

тАО02-24-2009 02:05 AM

Re: find out all user

duplicate thread has been opened. close one

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1316984
a warrior never quits
0 Kudos
Reply
prateek_1
Advisor

тАО02-24-2009 02:14 AM

тАО02-24-2009 02:14 AM

Re: find out all user

sure ahsan,
0 Kudos
Reply
prateek_1
Advisor

тАО02-24-2009 02:17 AM

тАО02-24-2009 02:17 AM

Re: find out all user

Hi fred ,

.sh_history is not here but i can see some previous command on .bash_histroy.but its difficult to me to specify which command used by which user.could you help me on that
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

тАО02-24-2009 02:17 AM

тАО02-24-2009 02:17 AM

Re: find out all user

Is this something you need to do going forward, or are you actiavely trying to determine a change that someone has made in the past?

If the latter, it sounds to me like its too late. Enabling auditing won't show you what happened *before* auditing was enabled! Only what has happened since it was enabled.

A couple of other points:

i) Don't convert to a trusted system... hou don't need to to enable autiting in 11iv3(11.31). In fact trusted systems will be deprectaed in a future release.

ii) If you really wanto to setup auditing correctly I suggest you *read and understand* the section of the manual that covers this:

http://docs.hp.com/en/5992-3387/ch10.html

It really isn't as simple as running a couple of commands and magically getting what you want. You bhave to take ther time to decide what you're going to audit and then configure collection and manage the ongoing production of audit logs...

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.