Re: audit trail in hpux

apple · ‎11-11-2009

dear HPUX gurus,
would like to seek your advice. how to track password change in hpux. we don't use sam, i can't find in syslog. do the audit need to be turned on manually? where to check all the command ie paswd in hpux. we are using HPUX 11.00 without TCB. Many many thanks. hope to hear from you.

Md. Farhan A Azam · ‎11-11-2009

Hi,

#passwd -sa >> may help you.

#man passwd >> for more details.

thnx...farhan

Aneesh Mohan · ‎11-11-2009

Hi ,

a small workaround for tracing password command without enabling TCB.

1)
# touch /usr/bin/aud
# chmod 555 /usr/bin/aud
# chmod u+s /usr/bin/aud

2) Insert the below line in /usr/bin/aud

echo "#####################################" >> /tmp/audit
echo " PASSWORD COMMAND AUDIT " >> /tmp/audit
echo "####################################" >> /tmp/audit
echo " Server Name " = $(hostname) >> /tmp/audit
echo " USER Name " = $(whoami) >> /tmp/audit
echo " DATE of Attempt " = $(date) >> /tmp/audit
J=`tty |cut -c 6-` >> /tmp/audit
echo " CLIENt IPAddrr " = $(who -u |grep $J |awk '{print $NF}') >> /tmp/audit
echo "####################################" >> /tmp/audit
/usr/bin/passwd.org

3) backup your /usr/bin/passwd file (with the correct permission for safer side).

4)mv /usr/bin/passwd /usr/bin/passwd.org

5)mv /usr/bin/aud /usr/bin/passwd

6) try passwd command

7) the audit information will be available in /tmp/audit (change the destination according to your wish)

Aneesh

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: audit trail in hpux

audit trail in hpux

Re: audit trail in hpux

Re: audit trail in hpux