HPE Community
Operating System - HP-UX
1832920 Members
3316 Online
110048 Solutions
New Discussion

Re: Are there audit capabilites for file access

 
SOLVED
Go to solution
Craig Miller_6
Occasional Advisor

‎07-26-2005 02:27 AM

‎07-26-2005 02:27 AM

Are there audit capabilites for file access

My manager is asking me if there are audit capabilities on HP-UX for file access, ie reads/updates. My HP security is very,very limited and I'm drawing blanks...

Any ideas? these are not trusted systems, most running 10.20, a couple running 11i.
0 Kudos
7 REPLIES 7
Florian Heigl (new acc)
Honored Contributor

‎07-26-2005 02:29 AM

‎07-26-2005 02:29 AM

Solution

Re: Are there audit capabilites for file access

without going to trusted mode, the answer is most definitely 'no'

sorry.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Rainer von Bongartz
Honored Contributor

‎07-26-2005 02:30 AM

‎07-26-2005 02:30 AM

Re: Are there audit capabilites for file access

Take a look at the HIDS product from HP at:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-HIDS

Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
DCE
Honored Contributor

‎07-26-2005 02:36 AM

‎07-26-2005 02:36 AM

Re: Are there audit capabilites for file access

You will have to convert to trusted systems if you want auditing. If you convert, make sure you are current on your patch levels.

Also the conversion can be backed out fairly easily if you encounter problems

Helpful hint if you do the conversion: have a couple of windows open on the system with root access. The conversion, if done with certain parameters, has been known to deactivate root logins. As long as you have a root window open you can rectify the issue with out any problems test by opening a new window and try to logon as root
0 Kudos
Rainer von Bongartz
Honored Contributor

‎07-26-2005 02:39 AM

‎07-26-2005 02:39 AM

Re: Are there audit capabilites for file access

you don't need to go to trusted to use HIDS

HIDS can do (amongs a lot more)


Modification of critical system files and directories
Creation of world writable files
Creation and modification of privileged "setuid" files
File additions and deletions



Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Florian Heigl (new acc)
Honored Contributor

‎07-26-2005 02:51 AM

‎07-26-2005 02:51 AM

Re: Are there audit capabilites for file access

Hmmm, yes, if You didn't really need auditing of file accesses, but are happy with detection tampering or updates, then HIDS will prove a great tool.

Depends on what You need, for computer security purposes, HIDS is the best tool. If it's really about auditing who looked at "the secret files", You need trusted mode.

Also I'm not sure, if a current HIDS is made available for 10.20, but You can take the open source tripwire as a substitution on these systems.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Craig Miller_6
Occasional Advisor

‎07-26-2005 03:07 AM

‎07-26-2005 03:07 AM

Re: Are there audit capabilites for file access

Thanks for the advice. Sounds like we need to move to trusted systems to get the controls everyone is asking for..
0 Kudos
Craig Miller_6
Occasional Advisor

‎07-26-2005 03:09 AM

‎07-26-2005 03:09 AM

Re: Are there audit capabilites for file access

I have forwarded the information to my manager. Will have to see if we make the move to trusted systems
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.