HPE Community
Operating System - HP-UX
1830350 Members
2528 Online
110001 Solutions
New Discussion

How to track root - in CDE

 
Faizer Jameel
Frequent Advisor

‎04-21-2006 05:53 PM

‎04-21-2006 05:53 PM

How to track root - in CDE

Dear All
I have multiple system admins and I have manged to track each root access by setting the .profile to log the history of each users activity when they su to root
by doing the follwing.
HISTFILE=/.hist/${HOME}/`who am i|awk '{ print $1}'`-`date +%d:%m:%y.%H:%M`
export HISTFILE
HISTSIZE=500
export HISTSIZE

This does not track the activities if the user has logged in through CDE.
I need to know how to track the activities of root when they are logged in through CDE.
Thankyou all
Faizer
0 Kudos
5 REPLIES 5
RAC_1
Honored Contributor

‎04-21-2006 06:10 PM

‎04-21-2006 06:10 PM

Re: How to track root - in CDE

Modify .dt/dtprofile and set .profile to true.
There is no substitute to HARDWORK
0 Kudos
Alex Glennie
Honored Contributor

‎04-21-2006 09:38 PM

‎04-21-2006 09:38 PM

Re: How to track root - in CDE

cd /

vi /.Xresources

add

*loginShell:True

exit from CDE

try again ..... result ?
0 Kudos
Faizer Jameel
Frequent Advisor

‎04-22-2006 05:56 PM

‎04-22-2006 05:56 PM

Re: How to track root - in CDE

Nothing happened. There was no history file was created after I tried what you told me.
Thanks
0 Kudos
Faizer Jameel
Frequent Advisor

‎04-24-2006 08:59 PM

‎04-24-2006 08:59 PM

Re: How to track root - in CDE

no luck
0 Kudos
Haralambos
Advisor

‎04-26-2006 02:47 PM

‎04-26-2006 02:47 PM

Re: How to track root - in CDE

Do they have to login straight into CDE as root?

If not then have the following:

1. in /etc/securetty add the string 'console'
so that users will not be able to login
straight into the machine as root. They will
have to login as themselves and then
'su - root'.

2. in /etc/dt/config/Xstartup add the following code:
if [ $(id -u) = 0 ]; then
exit 1
fi

This will cause CDE to logout anyone that tries to login as root.

Then you will be able to review your /var/adm/sulog file for users that SUed into root.

Haralambos
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.