HPE Community
Operating System - HP-UX
1820254 Members
2654 Online
109622 Solutions
New Discussion юеВ

How to trace a user or process's actions on HP Unix.

 
GnanaShekar
Regular Advisor

тАО05-18-2006 05:12 PM

тАО05-18-2006 05:12 PM

How to trace a user or process's actions on HP Unix.

Hi,

Today a user on HP Unix server reported some folders in his home directory are missing.

He started running a test suite for weblogic and after some time his home directory goes almost empty.

Is there a way I could trace what would have happened. Please suggest.

Thanks.
0 Kudos
Reply
3 REPLIES 3
GnanaShekar
Regular Advisor

тАО05-18-2006 07:17 PM

тАО05-18-2006 07:17 PM

Re: How to trace a user or process's actions on HP Unix.

Hi,

The command history for the user does not have any questionable rm commands.

#cat /etc/syslog.conf
*.info;mail.none /var/adm/syslog/syslog.log

Can only find logs for ftpd and sshd subsystem ... nothing much in syslog.log.

The user was running the test suite using /opt/java1.5/bin/java.

Recent findings show the /opt/java1.5 folder also has gone empty except a few files.

/opt and /home are 2 different filesystems on the server and a users test suite removes folders & files in his home directory as well as java folder... can't imagine...

Wish there was a way to log every action of a user or process that he runs. Please suggest.

Thanks
0 Kudos
Reply
Ninad_1
Honored Contributor

тАО05-18-2006 08:14 PM

тАО05-18-2006 08:14 PM

Re: How to trace a user or process's actions on HP Unix.

You can enable accounting - have a look at acct to log at a more detailed level.
But this will also consume a lot of space depending on what all you are logging.
For the mentioned probleem I suspect some problem with programming or a bug - for whichever script is deleting the stuff.
What are the permissions on your /opt/java1.5 folder ?
ls -ld /opt/java
dr-xr-xr-x 9 bin bin 1024 Nov 29 2001 /opt/java

Regards,
Ninad
0 Kudos
Reply
Frank de Vries
Respected Contributor

тАО05-18-2006 08:50 PM

тАО05-18-2006 08:50 PM

Re: How to trace a user or process's actions on HP Unix.

We use WebSphere, but I can imagine some principles must be similar:

We wanted to trace user sessions as well and
we found a tool called ../jms/openjms-0.7.2

We have configured it to start with each
java session and we get a log we can
access via a browser

The scripts goes like this:
See if it can be useful:

#!/bin/sh

WAS_HOME=/tstnew/WebSphere/jms/openjms-0.7.2
export WAS_HOME

if [ -z "$JAVA_HOME" ] ; then
JAVA_HOME=$WAS_HOME/java
export JAVA_HOME;
fi

if [ "$OPENJMS_HOME"x = x ]; then
OPENJMS_HOME=/tstnew/WebSphere/jms/openjms-0.7.2
export OPENJMS_HOME;
fi

EPROTIS_LIB=$WAS_HOME/eprotis/lib
export EPROTIS_LIB;

CLASSPATH=$CLASSPATH:$EPROTIS_LIB/classes12.zip
export CLASSPATH;

echo WAS_HOME=$WAS_HOME
echo JAVA_HOME=$JAVA_HOME
echo OPENJMS_HOME=$OPENJMS_HOME
echo EPROTIS_LIB=$EPROTIS_LIB
echo CLASSPATH=$CLASSPATH

$OPENJMS_HOME/bin/startjms.sh -config eprotis_tcp_jms_jdbc.xml

Keep cooking:)

Look before you leap
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.