HPE Community
Operating System - HP-UX
1822965 Members
4022 Online
109645 Solutions
New Discussion юеВ

Re: Audit and tracking of users on HPUX 11i

 
SOLVED
Go to solution
Shivkumar
Super Advisor

тАО06-14-2005 08:36 AM

тАО06-14-2005 08:36 AM

Audit and tracking of users on HPUX 11i

Hey Guys,

How to audit and track user activities on HP-UX 11i ?

For normal(ordinary) and power broker users.

Please note that we are not using any third party tools. We are just using power broker on HPUX 11i and HPUX 11i Operating environment.

Thanks,
Shiv
0 Kudos
Reply
5 REPLIES 5
Mel Burslan
Honored Contributor

тАО06-14-2005 08:49 AM

тАО06-14-2005 08:49 AM

Solution

Re: Audit and tracking of users on HPUX 11i

for the ordinary users, I am not sure what you want to track but, you can use the auditing subsystem which comes with hpux, but it is costly both performance-wise and diskspace wise. It can chew both of them up real quickly if you go wild on what you are auditing. If you want to get a global idea, fire up sam and go to auditing & security, usually the second option in the list.

But my gut feeling is, you want to know what commands the users ran as you want to audit power broker users as well. For powerbroker, you need to have admin rights on the central server, where everything the user does, gets logged to. After that, there is a bit of a convoluted process to determine which log you want to see then running it agains the log viewer of powerbroker. I can not exactly remeber as my powerbroker days are almost 2 years behind now.

________________________________
UNIX because I majored in cryptology...
Reply
Sandman!
Honored Contributor

тАО06-15-2005 04:44 AM

тАО06-15-2005 04:44 AM

Re: Audit and tracking of users on HPUX 11i

Shiv,

There are man y different ways to go about this:

/var/adm/syslog/syslog.log repots all su logins
last -R reports on all user logins and lastcomm, acctcom and acctcms show the commands executed by time of day by different users and ttys

man lastcomm acctcom acctcms

best of luck!
Reply
Juan M Leon
Trusted Contributor

тАО06-15-2005 05:36 AM

тАО06-15-2005 05:36 AM

Re: Audit and tracking of users on HPUX 11i

Shiv, I believe power broker (pbrun /pbsu ) have the avility to log sessions originated for each user that pbsu to another user. also each session can give the original user by entering 'id -u -n' and you can log it to your pb logs.

Hope it helps.
Reply
Steven E. Protter
Exalted Contributor

тАО06-15-2005 05:48 AM

тАО06-15-2005 05:48 AM

Re: Audit and tracking of users on HPUX 11i

For enhanced logging you might want to convert your system to trusted. Then you get audit reports with additional information.

tsconvert or SAM will do the conversion for you.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Sandman!
Honored Contributor

тАО06-15-2005 06:37 AM

тАО06-15-2005 06:37 AM

Re: Audit and tracking of users on HPUX 11i

I forgot to mention about power broker in my last post. I'ave used it before and its similar to sudo where selective users can have rootly powers.

It can be configured to maintain logs of user requests on a separate secure logging machine if desired. Don't recall the binaries name but power broker provides a tool to go through logs looking for activities that meet user defined criteria.

It can also record keyboard and screen I/O and can replay root sessions later on for analysis. Current sessions can also be traced.

hope this helps :-)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.