
HP-UX Audit system

 
Leuba_1
Visitor

HP-UX Audit system

My customer wants to customize the audit output file and wants the ip address used by the user.

Is it possible?

Thanks for help.
3 REPLIES 3
Peter Godron
Honored Contributor

Re: HP-UX Audit system

Hi,
after nearly 4 years, the first question!

Could you please let us know what security audit system you are running.

Are you just running in trusted mode (what auditing sub systems have you switched on) or are you using one of these:
http://h20338.www2.hp.com/hpux11i/cache/323380-0-0-0-121.html

Please read:
http://66.34.90.71/ITRCForumsEtiquette/after.html


Vadim Loginov
Advisor

Re: HP-UX Audit system

Hi,

Hopefully it will help for the beginning.

List of IP/hostnames connected to server yesterday using (ftp, ssh, telnet, remsh ..).

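# TZ is passed in date's own environment so the 24-hour offset applies even when TZ is not exported
yest_date=`TZ=GMT24BST date "+%b %e"`

# Keep only yesterday's login records
last -R | grep "$yest_date" > ydaylog

# Column 3 is the remote host; lower-case it and remove duplicates
awk '{print $3}' ydaylog | tr "[:upper:]" "[:lower:]" | sort | uniq > report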

Regards,

Vadim
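
An added example, not part of the post above: the same `last -R` report broken down per user, skipping local logins and boot records, where column 3 is not a host and `awk '{print $3}'` would report a weekday or `boot` instead. The column layout, the sample records and the names `sample_last_R` and `hosts_by_user` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: per-user list of remote hosts from `last -R` style records.
# Assumed column layout: user  tty  host  Weekday Mon DD HH:MM ...
# A local login carries no host, so its weekday lands in column 3.

sample_last_R() {   # constructed sample records, not real log data
cat <<'EOF'
alice    pts/0   192.0.2.10       Tue Mar 14 09:12 - 10:01  (00:49)
alice    pts/1   192.0.2.10       Tue Mar 14 11:30 - 11:42  (00:12)
bob      pts/2   GW01.Example.COM Tue Mar 14 13:05   still logged in
root     console                  Tue Mar 14 07:58 - 08:10  (00:12)
reboot   system boot              Tue Mar 14 07:55
carol    pts/3   198.51.100.7     Mon Mar  6 22:10 - 22:15  (00:05)
EOF
}

# hosts_by_user "Mon DD": read records on stdin, print "host user logins"
hosts_by_user() {
    awk -v day="$1" '
        BEGIN {
            n = split("Mon Tue Wed Thu Fri Sat Sun", w, " ")
            for (i = 1; i <= n; i++) wd[w[i]] = 1
            split(day, want, " ")   # "Mar  6" -> want[1]="Mar", want[2]="6"
        }
        $1 == "reboot" { next }     # boot records are not logins
        # Remote login: column 3 is a host and column 4 is the weekday
        !($3 in wd) && ($4 in wd) && $5 == want[1] && $6 == want[2] {
            seen[tolower($3) " " $1]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Demo on the constructed sample; on a live system use instead:
#   last -R | hosts_by_user "$yest_date"
sample_last_R | hosts_by_user "Mar 14"
```
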
Leuba_1
Visitor

Re: HP-UX Audit system

Info received from customer:

Hi,

I configured it both with trusted system's sam and also configured it manually.

In both cases I get the same result. The file contains the results. I can't find any parameter to make it one line.

/etc/rc.config.d/auditing



AUDITING=1
PRI_AUDFILE=/.secure/etc/audfile1
PRI_SWITCH=1000
SEC_AUDFILE=/.secure/etc/audfile2
SEC_SWITCH=1000
AUDEVENT_ARGS1=" -P -F -e delete -e moddac -e modaccess -e login -e admin -e readdac -s link -s unlink -s chdir -s chmod -s chown -s lchmod -s setuid -s stime -s access -s stat -s setsid -s setpgrp -s setpgrp3 -s lstat -s setgid -s acct -s reboot -s utssys -s umask -s chroot -s ulimit -s setgroups -s setpgid -s setpgrp2 -s swapon -s fstat -s settimeofday -s fchown -s fchmod -s setresuid -s setresgid -s rename -s rmdir -s setrlimit -s privgrp -s setprivgrp -s plock -s lockf -s semop -s shmdt -s _set_mem_window -s setdomainname -s setacl -s fsetacl -s setaudid -s setaudproc -s setevent -s audswitch -s audctl -s getaccess -s fchdir -s semctl -s msgctl -s shmctl -s mpctl -s putpmsg -s adjtime -s serialize -s lchown -s sched_setparam -s sched_setscheduler -s clock_settime -s toolbox -s fstat64 -s lockf64 -s lstat64 -s setrlimit64 -s stat64 -s setcontext -s setregid -s shm_unlink -s mq_unlink -s ksem_unlink -s modload -s moduload -s modpath -s getksym -s modadm -s modstat -s spuctl -s acl -s __cnx_p2p_ctl -s __cnx_gsched_ctl -s mem_res_grp -s settune -s pset_destroy -s pset_assign -s pset_bind -s pset_setattr -s t64migration -s semtimedop -s audtag"
AUDEVENT_ARGS2=" -P -f -e logoff"
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=" -p -f -s accept -s bind -s close -s connect -s creat -s execv -s execve -s exit -s exportfs -s fattach -s fdetach -s fork -s ftruncate -s ftruncate64 -s kill -s ksem_close -s ksem_open -s mkdir -s mknod -s mlock -s mlockall -s mmap -s mmap64 -s mount -s mq_close -s mq_open -s msgget -s munlock -s munlockall -s munmap -s nsp_init -s open -s pipe -s pset_create -s ptrace -s ptrace64 -s rtprio -s semget -s sendfile -s sendfile64 -s setpriority -s shm_open -s shmat -s shmget -s shutdown -s sigqueue -s socket -s socket2 -s socketpair -s socketpair2 -s symlink -s truncate -s truncate64 -s ttrace -s umount -s umount2 -s vfork -s vfsmount"
AUDOMON_ARGS=" -p 20 -t 1 -w 90"