HPE Community
Operating System - HP-UX
1836365 Members
1965 Online
110100 Solutions
New Discussion

Re: Activities of priviliged users

 
Turgay Cavdar
Honored Contributor

‎06-28-2007 05:13 PM

‎06-28-2007 05:13 PM

Activities of priviliged users

Are there any way to take Activities of priviliged users ? Entered commands,etc... sh_history, and sudo is not suitable for us. Any comments?
0 Kudos
Reply
4 REPLIES 4
Court Campbell
Honored Contributor

‎06-28-2007 05:27 PM

‎06-28-2007 05:27 PM

Re: Activities of priviliged users

Why is sudo not suitable. You can have more control over what users can do. Other than sudo you can use rbac if you are at least running 11.23. If for some reason you do end up using sudo, make sure to set it to log to another file. If I remember correctly it logs to syslog by default, and just makes more sense to have its own log. And as for history files, I roots profile set to setup a hist file that is per user. Then I can find out quicker and with more confidence who did what. We a scripts that then copy the hist files to another server for review. It's not full proof, but its better than nothing.

Sorry for answering about things that you do not find suitable. Seems like you will spend more time trying to do things programmatically and reinventing wheels.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Court Campbell
Honored Contributor

‎06-28-2007 05:30 PM

‎06-28-2007 05:30 PM

Re: Activities of priviliged users

> I roots profile set to setup a hist file that is per user.

WOW... that should be:

I setup roots profile to create a hist file that is per user.

I got my mords all wixed up.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Turgay Cavdar
Honored Contributor

‎06-28-2007 06:39 PM

‎06-28-2007 06:39 PM

Re: Activities of priviliged users

Hi the point is we try to log the activities of root. We need a way to log activities from root session itself.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-29-2007 12:01 AM

‎06-29-2007 12:01 AM

Re: Activities of priviliged users

> We need a way to log activities from root session itself.

Very, very common requirement. In many shops, the root is never allowed to login. In my shop, root's password is automatically changed every day -- and the 4 different sysadmins NEVER login as root. Instead, they use sudo, a special program to limit root access as well as LOG EVERYTHING. Just download sudo from HP's software site:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Internet Express is a collection of several tools. Just pick the version of HP-UX you are using, then select the item(s) you want. All packages are in swinstall format.

Without sudo, you should have your shell history setup on *ALL* users. Add these lines to /etc/profile:

export HISTFILE=$HOME/.sh_history
export HISTSIZE=1000
export EDITOR=/usr/bin/vi

You will have to watch this file. A user that tries to hide a mistake may try to edit this file but any change to it will corrupt it and the history command will show nothing while cat .sh_history will show what's left.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.