System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

logging users permission changes

SOLVED
Go to solution
Ahmed Douban
Frequent Advisor

logging users permission changes

hi experts

may i ask if their is a way i can monitor or logging the users when they trying to change permission for specific files or updating timestamps for an existing files

thanks
7 REPLIES
ManojK_1
Valued Contributor

Re: logging users permission changes

Hi,

In HP Unix you can enable auditing.

Manoj K
Thanks and Regards,
Manoj K
Ahmed Douban
Frequent Advisor

Re: logging users permission changes

may you tell me the steps for enable auditing
and if the auditing enabled for all file systems or specific file system

thanks
Mel Burslan
Honored Contributor
Solution

Re: logging users permission changes

auditing is a subsystem in HPUX which can be turned on or off. When turned on, you can prrety much monitor everything your heart desires. Say somebody touched a file, even for read only, to attempting to modify or delete the file and whatever else you can think of. But asking someone to explain how auditing works in the forum, is not a reasonable request. You might want to google hpux auditing subsysetem phrase and start reading from the most obvious documents. It is a huge undertaking to enable auditing. It chews up your computers precious resources, from CPU to disk space and anything else in between. You should not consider turning it on lightheartedly just to monitor people changing file permissions, unless there is a criminal investigation going on and you are required to. Because this may bring your system down to its knees speed-wise
________________________________
UNIX because I majored in cryptology...
ManojK_1
Valued Contributor

Re: logging users permission changes

You can go through the documents in the following link

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c01944073/c01944073.pdf
Chapter 9 Audit Administration

Manoj K
Thanks and Regards,
Manoj K
Dennis Handly
Acclaimed Contributor

Re: logging users permission changes

>updating timestamps for an existing files

As in touch(1) or just writing to a file/directory?
Just accessing a file will modify a timestamp.
In any case, you need heavy weight auditing.
Bill Hassell
Honored Contributor

Re: logging users permission changes

Have you looked at the user's shell history files? While this is not foolproof, it can show you which user is using chmod or touch. A knowledgeable user can bypass the shell history but there should be signs in the shell history file (like a very short file or commands like /usr/old/bin/sh) which would indicate suspicious activity. Don't rule out bad scripts ad bad applications that do stupid things to files and directories.


Bill Hassell, sysadmin
Dennis Handly
Acclaimed Contributor

Re: logging users permission changes

>Bill: A knowledgeable user can bypass the shell history but there should be signs

A user can even use vi to execute commands.