System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

tracking the change of root and other password!!!

user1221
Frequent Advisor

tracking the change of root and other password!!!

Hi all,

I want to track the change of root password and other users, how can I check who change the password from which machine, tty? is there any log file in hp-unix which tracks all the changes made to the user accounts??

PLEASE help!!!

Thanks & Regards.
5 REPLIES
Ganesan R
Honored Contributor

Re: tracking the change of root and other password!!!

Hi,

Answer is no fortunately. Why do you want to track this when they are having privilage to change their passwords and account credentials?

normal user cannot change other account attributes. Only root can do all. restrict the root access.

You can enable auditing to trace the user activities. but that will capture all the tasks not only accounts related.
Best wishes,

Ganesh.
user1221
Frequent Advisor

Re: tracking the change of root and other password!!!

Thanks for reply!
how can I enable auditing, does the auditing will create audit files for every activity of the users?
avizen9
Esteemed Contributor

Re: tracking the change of root and other password!!!

i dont think hpux have any logs for password change.

if you want to enable logs you need to convert your system in trasted system, which will allow you to generate many logs,
you can refer this document for this, let me know how it goes, thanks,

http://docs.hp.com/en/B2355-90950/ch08s08.html

//avi
SSCHAER
Advisor

Re: tracking the change of root and other password!!!

mv /usr/bin/passwd /usr/bin/passwd_orig


then create script /usr/bin/passwd using vi :

clear
echo "your attempt to change your password will be logged"
echo "user `who am i` changes password `date`" >>/var/adm/syslog/syslog.log
passwd_orig
echo "***********************" >>/var/adm/syslog/syslog.log



chmod 0755 /usr/bin/passwd.
everytime someone executes passwd it will run the script above.
Tingli
Esteemed Contributor

Re: tracking the change of root and other password!!!

passwd -s -a
can give you the time when the user has changed his password.