HPE Community
Operating System - HP-UX
1834908 Members
3144 Online
110071 Solutions
New Discussion

Re: Check when a script has been executed

 
CharliePuyol
Advisor

‎01-06-2009 12:30 PM

‎01-06-2009 12:30 PM

Check when a script has been executed

Hello

I was using HIDS but it looks that it doesn't have an option to check if somebody executed a shell script, please help me if somebody know how to track if any user executed a shell script, if HIDS do that or if other application do that!

By the way, the OS is HP-UX 11.23...

ThanX!
0 Kudos
Reply
5 REPLIES 5
TTr
Honored Contributor

‎01-06-2009 12:54 PM

‎01-06-2009 12:54 PM

Re: Check when a script has been executed

The formal way to do what you are asking is to convert your server to a "trusted system" and do user auditing. trusted system is more challenging to manage and uses some cpu and disk resources. Without trusted system you can check the user's command history file (default is ~/.sh_history for posix shell users) to see if they typed the shell script name. This is not however a definite check, smart users can purge their command history so that you will not see the command in there.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎01-06-2009 12:55 PM

‎01-06-2009 12:55 PM

Re: Check when a script has been executed

Hi Charlie:

One essential problem with tracking the execution of shell scripts is that a shell script must be *readable* to be interpreted and therefore executed. This doesn't apply to the root user, of course, but does mean that you need to differentiate between merely reading a script and actually executing it.

Regards!

...JRF...
0 Kudos
Reply
CharliePuyol
Advisor

‎01-06-2009 01:09 PM

‎01-06-2009 01:09 PM

Re: Check when a script has been executed

Sorry for this question but I'm not really familiarized with trusted systems how can i activate via sam?
0 Kudos
Reply
TTr
Honored Contributor

‎01-06-2009 04:31 PM

‎01-06-2009 04:31 PM

Re: Check when a script has been executed

Do not activate it yet. First become very familiar with it because there are other restrictions and caveats that come with the trusted system.
http://docs.hp.com/en/5992-3387/apas01.html?jumpid=reg_R1002_USEN
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎01-06-2009 05:32 PM

‎01-06-2009 05:32 PM

Re: Check when a script has been executed

>if somebody know how to track if any user executed a shell script

You can of course change the script to log who used it and when and the parms.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.