- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Command auditting on HPUX
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-02-2005 07:12 PM
тАО02-02-2005 07:12 PM
Command auditting on HPUX
Is there a way to implement command auditting on HPUX for interactive sessions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-02-2005 07:58 PM
тАО02-02-2005 07:58 PM
Re: Command auditting on HPUX
Audit user's history file. For example
tail -f /home/user/.sh_history
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-02-2005 11:02 PM
тАО02-02-2005 11:02 PM
Re: Command auditting on HPUX
If your system is already set for Trusted mode then you can turn on auditing by editing /etc/rc.config/auditing to define just what system calls to audit and what size files to create & turning it on with /sbin/init.d/auditing start.
I strongly recommend you study the man pages & only audit what you really need because on a busy system you can quickly roll up some huge audit files if you don't configure it to only audit specific events.
HTH,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2005 03:21 AM
тАО02-03-2005 03:21 AM
Re: Command auditting on HPUX
Thanx for the replies
I should have mantioned it from the begining:
Goal is to have "lightweight" auditing:
The history file is not realy an option as it can be tampered by it's owner
The builtin auditing is indeed overload in the scope I'm searching for:
Temporary root-delegation via a jumphost (key based ssh): only as last resort where sudo isn't enough
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2005 03:35 AM
тАО02-03-2005 03:35 AM
Re: Command auditting on HPUX
Just a couple of comments on the history file.
IF a user edits *any* history file it immediately becomes unusable. This is because it's not a "standard" text file. It has strategic control characters inserted in a specific pattern such that *any* editing upsets this pattern rendering it useless.
Even considering this, one could consider setting up a root cron job to periodically copy it out to a restricted directory to insure it can't be erased & to keep an *accurate* history of that user's commands.
And as to auditing it's not too hard to construct an auditing config file to *only* audit the "destructive" types of system calls & keep the audit files to a managable size. We do this & also employ cron jobs to rotate these files and coupled with tape backups we can keep a fairly long history of them.
My 2 cents,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2005 05:43 PM
тАО02-07-2005 05:43 PM
Re: Command auditting on HPUX
Sorry for this late reply. Thanx for your input.
We will examine some of the possibilities.
Note:
BASHA seems to the thing we need, but then there are some support issues which need to be solved in-house(http://unix.freshmeat.net/projects/basha/)