Operating System - HP-UX
1748069 Members
5541 Online
108758 Solutions
New Discussion юеВ

sulogs and access control software

 
SOLVED
Go to solution
S.S.
Super Advisor

sulogs and access control software

Hi Experts,

Our Auditor is asking to collect the sulogs for the Jan 2010. I have checked the OLDsulog and sulog files but the sulogs for Jan 2010 is not available. The OLDsulog file is overwritten when the server was rebooted.

Please help me how can i retrive the old historical data of sulog?

Also, another question from Auditors that to check for any access control software used for HP-UX.
How can i check that? Is it sudoers and RBACS?

Please advise me.

Your early response is highly appreciated.

Thank you.
5 REPLIES 5
Bill Hassell
Honored Contributor
Solution

Re: sulogs and access control software

> OLDsulog file is overwritten when the server was rebooted.

Auditors have a way of asking you for something that you never knew was a requirement. Your server is configured to erase the old logs -- they cannot be recovered. You need a security policy from your company that defines what procedures and records are to be followed.

> access control software used for HP-UX.

Again, a very ambiguous question. The login and password for each user is access control. Do you use ssh? Kerboros? sudo? RBACS? How about ftp?

There are also commercial products as well as download packages that can be categorized as access control. And your version of HP-UX is very important. 11.31 has a *lot* of security features, while 10.20 has very little.


Bill Hassell, sysadmin
Kapil Jha
Honored Contributor

Re: sulogs and access control software

you may want to check old backups, and you can get the old su logs.

For access control as said above RBACS, trusted system and all other things which affect the access to server is access control.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
madhuchakkaravarthy
Trusted Contributor

Re: sulogs and access control software

hi


once in a month we used to take backup of failed logins,, successful login and user switched to root.

but my suggestion is check the old backup.

regards

MC
Raj D.
Honored Contributor

Re: sulogs and access control software

S.S,
You can check :
# cat /etc/shutdownlog
or uptime
You can have sulog of that many days in /var/adm/sulog

- If this is needed in future you can put a cronjob that runs weekly or monthly to keep a backup of the sulog file.
- Also the last sulog can be found from the backup , netbackup or dataprotector what ever using in your environment.

Hth,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "
S.S.
Super Advisor

Re: sulogs and access control software

Thank you all for your valuable suggestions.
We will make a habit of taking backup for those files.