HPE Community
Operating System - HP-UX
1832938 Members
2750 Online
110048 Solutions
New Discussion

History of commands

 
SOLVED
Go to solution
Elias Abboud
Honored Contributor

‎07-19-2005 05:59 PM

‎07-19-2005 05:59 PM

History of commands

Hi everyone,

I need to monitor commands typed by users on my ux box.

I know there is a history feature but i ve noticed several things:

1. I cannot remove write access from the user since this will result in the stopping of logging the commands.

2. user can just delete the .sh_history file before. He can also edit it.


Am I doing somthing wrong? Can this be achieved or not?

Thanks in advance
If you can't solve it, post it :)
0 Kudos
Reply
10 REPLIES 10
Elmar P. Kolkman
Honored Contributor

‎07-19-2005 06:29 PM

‎07-19-2005 06:29 PM

Re: History of commands

I think what you are really looking for is accounting. It will cost some resources, but should do what you want.

'man -k acct' gives an overview of the accounting commands.

There might be ways of not allowing the removal of history (remove write access on the directory containing the history file and force the usage of the same history file every time) but that won't block the editing of the file or even truncating it).

Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Elias Abboud
Honored Contributor

‎07-19-2005 06:37 PM

‎07-19-2005 06:37 PM

Re: History of commands

Elmar,

Thanks for your reply. I am really new to this acct. Can you please explain it a bit more?

Thanks in advance
If you can't solve it, post it :)
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎07-19-2005 06:51 PM

‎07-19-2005 06:51 PM

Re: History of commands

I'm sorry, but it is 10 years ago since I last did something with it (on SCO Unix...). It will take too much time to re-familiarize with it. But there should be enough people on this forum with more up-to-date experience with it.
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Elias Abboud
Honored Contributor

‎07-19-2005 06:57 PM

‎07-19-2005 06:57 PM

Re: History of commands

Thanks Elmar.

anyone else has an idea about this?

thanks in advance.
If you can't solve it, post it :)
0 Kudos
Reply
Cem Tugrul
Esteemed Contributor

‎07-19-2005 08:00 PM

‎07-19-2005 08:00 PM

Re: History of commands

Elias,

Could these links be what you are looking for?

http://forums2.itrc.hp.com/service/forums/questionanswer.do?threadId=218820

http://forums2.itrc.hp.com/service/forums/questionanswer.do?threadId=109749

http://forums2.itrc.hp.com/service/forums/questionanswer.do?threadId=15041

http://forums2.itrc.hp.com/service/forums/questionanswer.do?threadId=14568

Good luck,
Our greatest duty in this life is to help others. And please, if you can't
0 Kudos
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎07-19-2005 08:15 PM

‎07-19-2005 08:15 PM

Re: History of commands

The option that I use is the "script" command.

Just write "script logfile"

Now whatever they write will go into this logfile.

You can give the name of logfile in such a way that users won't recognise what is going on.
Vibhor Kumar Agarwal
0 Kudos
Reply
Elias Abboud
Honored Contributor

‎07-19-2005 08:23 PM

‎07-19-2005 08:23 PM

Re: History of commands

Thanks for your replies.

I think i am a bit convinced that what i need is to setup accounting. Can anyone shed some light on the procedure of how to enable it and what are the tricks and tips for it?

Thanks in advance.
If you can't solve it, post it :)
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎07-19-2005 11:05 PM

‎07-19-2005 11:05 PM

Re: History of commands

There was the following documentation on 10.x systems (that is no longer on 11.x systems)
HP-UX 10.0 System Accounting White Paper, Part 1 OALWP06950320
HP-UX 10.0 System Accounting White Paper, Part 2 OALWP07950320

These are no longer on docs.hp.com as far as I can tell.

Did find them here
http://wwwpdp.web.cern.ch/wwwpdp/as/file/hpux10/OALWP06950320.html
http://wwwpdp.web.cern.ch/wwwpdp/as/file/hpux10/OALWP07950320.html

Also the release notes explain briefly how to enable it http://docs.hp.com/en/5964-5283/ch07s01.html

Other options might be to Trust the system and enable auditing http://docs.hp.com/en/B2355-90121/ch02s05.html

With the advances in recent 11i versions, security and compartmentalization can give you some of the same functions. I recently saw some slides on this and it showed how you can assign specific users access to specific tasks/commands in great detail. http://www.hp.com/products1/unix/operating/securitycont.html
"Downtime is a Crime."
0 Kudos
Reply
Elias Abboud
Honored Contributor

‎07-20-2005 06:44 PM

‎07-20-2005 06:44 PM

Re: History of commands

Thanks a lot cheryl,

You've been very helpfull. Just one question though. does this I cant use the accounting feature in 11i systems? or does it mean it is obsolete and replaced by trusted system?

Thanks in advance
If you can't solve it, post it :)
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎07-20-2005 10:37 PM

‎07-20-2005 10:37 PM

Solution

Re: History of commands

FYI: The 11.11 Release Notes (on docs.hp.com) would contain what's new and what's obsoleted and it does not include any mention of accounting being obsoleted.

Also, the acct man page exists for 11.11 at http://docs.hp.com/en/B2355-90691/acct.1M.html

However, check out the acct man page, I don't think acct is the right solution for you. You want the history of commands, not the history of when a user logs on or off, quotas, etc.. Thats what accounting provides.

I think you are looking for auditing.
"Downtime is a Crime."
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.