tracking the change of root and other password!!!

user1221 · ‎03-24-2009

Hi all,

I want to track the change of root password and other users, how can I check who change the password from which machine, tty? is there any log file in hp-unix which tracks all the changes made to the user accounts??

PLEASE help!!!

Thanks & Regards.

Ganesan R · ‎03-24-2009

Hi,

Answer is no fortunately. Why do you want to track this when they are having privilage to change their passwords and account credentials?

normal user cannot change other account attributes. Only root can do all. restrict the root access.

You can enable auditing to trace the user activities. but that will capture all the tasks not only accounts related.

Best wishes,

Ganesh.

user1221 · ‎03-24-2009

Thanks for reply!
how can I enable auditing, does the auditing will create audit files for every activity of the users?

avizen9 · ‎03-24-2009

i dont think hpux have any logs for password change.

if you want to enable logs you need to convert your system in trasted system, which will allow you to generate many logs,
you can refer this document for this, let me know how it goes, thanks,

http://docs.hp.com/en/B2355-90950/ch08s08.html

//avi

SSCHAER · ‎03-24-2009

mv /usr/bin/passwd /usr/bin/passwd_orig

then create script /usr/bin/passwd using vi :

clear
echo "your attempt to change your password will be logged"
echo "user `who am i` changes password `date`" >>/var/adm/syslog/syslog.log
passwd_orig
echo "***********************" >>/var/adm/syslog/syslog.log

chmod 0755 /usr/bin/passwd.
everytime someone executes passwd it will run the script above.

Tingli · ‎03-24-2009

passwd -s -a
can give you the time when the user has changed his password.