
Command auditing on HPUX

 
TEC-HP
Frequent Advisor

Hello,

Is there a way to implement command auditing on HPUX for interactive sessions?
Artyom Voronchihin
Respected Contributor

Re: Command auditing on HPUX

Hello!
Audit the user's history file. For example:
tail -f /home/user/.sh_history
"Intel inside" is not a label, it's a warning.
Jeff Schussele
Honored Contributor

Re: Command auditing on HPUX

Hi Cristophe,

If your system is already set for Trusted mode then you can turn on auditing by editing /etc/rc.config/auditing to define just what system calls to audit and what size files to create & turning it on with /sbin/init.d/auditing start.
I strongly recommend you study the man pages & only audit what you really need because on a busy system you can quickly roll up some huge audit files if you don't configure it to only audit specific events.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
TEC-HP
Frequent Advisor

Re: Command auditing on HPUX

Artyom, Jeff

Thanx for the replies
I should have mentioned it from the beginning:
Goal is to have "lightweight" auditing:
The history file is not really an option as it can be tampered with by its owner
The builtin auditing is indeed overload in the scope I'm searching for:
Temporary root-delegation via a jumphost (key based ssh): only as last resort where sudo isn't enough
Jeff Schussele
Honored Contributor

Re: Command auditing on HPUX

Hi (again) Christophe,

Just a couple of comments on the history file.
IF a user edits *any* history file it immediately becomes unusable. This is because it's not a "standard" text file. It has strategic control characters inserted in a specific pattern such that *any* editing upsets this pattern rendering it useless.
Even considering this, one could consider setting up a root cron job to periodically copy it out to a restricted directory to ensure it can't be erased & to keep an *accurate* history of that user's commands.
And as to auditing it's not too hard to construct an auditing config file to *only* audit the "destructive" types of system calls & keep the audit files to a manageable size. We do this & also employ cron jobs to rotate these files and coupled with tape backups we can keep a fairly long history of them.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
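
The root cron job suggested in the reply above, sketched as an added example that is not part of the thread or any poster's own script. The function name, state file, script path and archive directory are assumptions; it copies the history file to a root-only directory whenever it changes and flags a copy whose content changed without the file growing.

```shell
#!/bin/sh
# Added example, not from the thread. Names and paths are assumptions.
# snapshot_history SRC ARCHIVE_DIR
# Prints: new | unchanged | grown | REWRITTEN | missing
snapshot_history() {
    src=$1
    dir=$2
    [ -r "$src" ] || { echo missing; return 1; }
    umask 077                        # archive files readable by root only
    mkdir -p "$dir" || return 1
    state="$dir/last.state"          # "<checksum> <size>" of the last copy

    set -- $(cksum < "$src")         # cksum on stdin prints: checksum size
    sum=$1
    size=$2

    old_sum=
    old_size=0
    if [ -f "$state" ]; then
        read old_sum old_size < "$state"
    fi

    if [ -z "$old_sum" ]; then
        verdict=new
    elif [ "$sum" = "$old_sum" ]; then
        echo unchanged
        return 0
    elif [ "$size" -gt "$old_size" ]; then
        verdict=grown
    else
        # Content changed without growing: truncated, edited, or trimmed
        # by the shell. A heuristic flag for review, not proof of tampering.
        verdict=REWRITTEN
    fi

    # Keep every changed version; never overwrite an earlier snapshot.
    stamp=$(date +%Y%m%d%H%M%S)
    n=0
    while [ -e "$dir/history.$stamp.$n" ]; do n=$((n + 1)); done
    cp "$src" "$dir/history.$stamp.$n" || return 1
    echo "$sum $size" > "$state"
    echo "$verdict"
}

# Hypothetical root crontab entry (script path and archive dir are assumed):
# 0,15,30,45 * * * * /usr/local/sbin/histsnap /home/user/.sh_history /var/adm/histarchive/user
if [ $# -eq 2 ]; then
    snapshot_history "$1" "$2"
fi
```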
TEC-HP
Frequent Advisor

Re: Command auditing on HPUX

Hi all,

Sorry for this late reply. Thanx for your input.
We will examine some of the possibilities.
Note:
BASHA seems to be the thing we need, but then there are some support issues which need to be solved in-house (http://unix.freshmeat.net/projects/basha/)