HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: enhancing user activity tracking
Operating System - HP-UX
1830066
Members
17477
Online
109998
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2002 04:12 PM
12-02-2002 04:12 PM
Your help is needed in resolving the details of an idea that I had on enhancing user activity tracking.
The given is that the user has access to their own sh_history file and can make changes (i.e. cover their tracks). We???re utilizing the Bourne shell (/bin/sh) for our system functions and the Korn shell (/bin/ksh) for the user???s startup program.
What we need to figure out, is a way to duplicate what is written by the shell to a user???s sh_history file. The duplicate entry will need to be written to another specified file in a restricted directory (i.e. /var/adm/usrlog/.username.log). This way if the user deletes entries in their own sh_history file, the original commands will still exist in the duplicate file.
Trying to work around user deniability. Any ideas?
The given is that the user has access to their own sh_history file and can make changes (i.e. cover their tracks). We???re utilizing the Bourne shell (/bin/sh) for our system functions and the Korn shell (/bin/ksh) for the user???s startup program.
What we need to figure out, is a way to duplicate what is written by the shell to a user???s sh_history file. The duplicate entry will need to be written to another specified file in a restricted directory (i.e. /var/adm/usrlog/.username.log). This way if the user deletes entries in their own sh_history file, the original commands will still exist in the duplicate file.
Trying to work around user deniability. Any ideas?
Friends and forums make the world go round.
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2002 05:16 PM
12-02-2002 05:16 PM
Solution
Hi,
There are probably a couple of ways. One would to be use 'logger' to capture the user information into a logfile. The second, you could use cron to make copies of the hostory file. If you use a trusted system you could turn on system auditing.
Only thing I would be hesitant doing would be any legal fall out. This would of course depend on your countries leagal system in doing this.
# tail -f ~username/.sh_history |while read line
do
logger $LOGNAME":"$line
done
Logger writes the output to syslog
You could then run grep on the user to get the commands that have been posted.
HTH
Michael
There are probably a couple of ways. One would to be use 'logger' to capture the user information into a logfile. The second, you could use cron to make copies of the hostory file. If you use a trusted system you could turn on system auditing.
Only thing I would be hesitant doing would be any legal fall out. This would of course depend on your countries leagal system in doing this.
# tail -f ~username/.sh_history |while read line
do
logger $LOGNAME":"$line
done
Logger writes the output to syslog
You could then run grep on the user to get the commands that have been posted.
HTH
Michael
Anyone for a Mutiny ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2002 12:39 PM
12-03-2002 12:39 PM
Re: enhancing user activity tracking
Thanks Michael.
Friends and forums make the world go round.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP