05-31-2009 07:10 PM
I can get all the su IDs from syslog.log, but can you please tell me where we can check the commands executed by a user who has done su from a normal user ID to root?
OS - 11.11
Server - SD32A, RP4440, RP3440
thnx...farhan
05-31-2009 07:32 PM
Re: su logs
Normally you can see the .sh_history file to see what is executed by the user at that time.
05-31-2009 08:47 PM
Re: su logs
Ahsan is right.
This is what I used to do.
We also modify the user's .profile and create the history file with a date and time stamp.
Each time the user logs in, all the commands are logged into that file (that has date-time stamps).
The drawback of this is that there are too many files created. For example, if the user logs in and logs out 100 times, there are 100 files created.
If you go this route, then you may need to cron this to get rid of these files.
Let me know if you need the profile; I will cut and paste it.
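A sketch of the per-login, time-stamped history file this post describes, as an added example that is not the poster's actual profile: the function names, the directory argument and the retention period are assumptions. As the thread notes further down, the user owns these files and can still erase them.

```shell
# Added example (hypothetical names: hist_session_file, hist_start, hist_purge).
# Intended to be sourced from the user's .profile; plain POSIX sh.

# Build the per-login path: <dir>/<login user>.<effective user>.<timestamp>.<pid>
hist_session_file() {
    dir=$1
    # logname reports the original login user, so a root session opened
    # through su still carries the real user's name in the file name.
    # Fall back to id -un when there is no login record (cron, tests).
    who=$(logname 2>/dev/null) || who=$(id -un)
    [ -n "$who" ] || who=unknown
    printf '%s/%s.%s.%s.%s\n' "$dir" "$who" "$(id -un)" \
        "$(date +%Y%m%d-%H%M%S)" "$$"
}

# Create an owner-only directory and point the shell at a fresh history file.
# Setting HISTFILE explicitly avoids depending on the shell's default.
hist_start() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    HISTFILE=$(hist_session_file "$dir")
    ( umask 077; : > "$HISTFILE" ) || return 1
    export HISTFILE
}

# Cleanup for cron: delete session files not modified for more than N days.
hist_purge() {
    find "$1" -type f -mtime +"$2" -exec rm -f {} \;
}

# In .profile (directory name is an assumption):
#   hist_start "$HOME/.hist"
# From a daily cron job, keeping 30 days (retention is an assumption):
#   hist_purge "$HOME/.hist" 30
```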
05-31-2009 08:49 PM
Re: su logs
From syslog.log you can find out which user is using "su" command.
>>from where we can check that commands executed by the user
Go to that user's home directory and check the .sh_history file; there you can find the commands.
Suraj
05-31-2009 10:22 PM
Re: su logs
You can't accurately do this. If the user does "su -", you could look at root's history file but the user could erase it. If no "-", again the user could erase his history.
One suggestion is to use sudo for "each" command so they are all logged.
05-31-2009 10:58 PM
Re: su logs
I checked in .sh_history, but the command which I am executing is not getting logged in history.
thnx...farhan
05-31-2009 11:31 PM
Re: su logs
Which su(1) option did you use, "-"?
Which .sh_history? What does "echo $HISTFILE" show once you su?
This is why this isn't accurate.
06-01-2009 08:14 PM
Re: su logs
I use "su -", and it's getting logged in sulog, but the other commands which I am executing (i.e. top, bdf) are not getting logged in .sh_history of root.
thnx...farhan
06-01-2009 08:22 PM
Re: su logs
It shows:
# echo $HISTFILE
sh: HISTFILE: Parameter not set.
#
#
# echo $ HISTFILE
$ HISTFILE
#
thnx...farhan
06-01-2009 11:38 PM