
Re: IDS and kill command

 
David_711
Frequent Advisor

IDS and kill command

Hi,
Is it possible to monitor the execution of the kill command with IDS?

Thanks
David
3 REPLIES
Steven E. Protter
Exalted Contributor

Re: IDS and kill command

You can kill any running process.

Identify the process id from ps -ef | grep ids
and kill the process id.

kill

Regards,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
David_711
Frequent Advisor

Re: IDS and kill command

Thanks, but I don't want to kill the IDS daemon; I want to monitor the kill command with my HIDS9000 application on my HPUX 11.11 server.

Thanks
Dav
RAC_1
Honored Contributor

Re: IDS and kill command

If you convert your system to trusted mode, it is possible. What you need to do is convert the system to trusted mode and enable auditing. With auditing, monitor usage of the kill sys call.

The detailed procedure for setting up accounting can be searched for in the forums. Converting the system to trusted mode is done with /etc/tsconvert -c;/usr/lbin/modprpw -V

If you cannot convert to trusted mode, we can do some script work to log all instances of the kill command.

What you do is mv the original kill command to some other dir/location. In place of the kill command, have a script like the following.

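#!/usr/bin/ksh
# Log each use of the kill command, then run the original binary.

# No spaces around "=" in ksh assignments.
command=$0
args=$*

# $(date) and $(logname) run the commands; ${date} would be an unset variable.
echo "$(date) $(logname) ${command} " >> /tmp/kill.log

/path/to/original/kill ${args}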

The script has not been tested and may need some tuning.

Anil

There is no substitute to HARDWORK
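
The wrapper approach from the reply above, extended to record the signal and each target, as an added example that is not part of the original thread. KILL_LOG, REAL_KILL and the /var/adm/kill.log path are assumptions. A wrapper like this only sees runs of the external kill binary: the kill built into ksh and sh, and programs that call kill(2) directly, never reach it, which is the gap that auditing the system call closes.

```sh
#!/bin/sh
# Added example: logging wrapper for kill(1). KILL_LOG and REAL_KILL are
# assumed names; REAL_KILL is wherever the original binary was moved.
KILL_LOG="${KILL_LOG:-/var/adm/kill.log}"
REAL_KILL="${REAL_KILL:-/path/to/original/kill}"

# parse_kill_args: print one "<signal> <target>" line per target.
# Handles "-s NAME", "-NAME"/"-NUM", "--" and the default signal TERM.
parse_kill_args() {
    sig=TERM
    case "${1:-}" in
        -l) printf 'LIST -\n'; return 0 ;;   # "kill -l" has no target
        -s) [ $# -ge 2 ] || return 1
            sig=$2; shift 2 ;;
        --) ;;                               # no signal given
        -?*) sig=${1#-}; shift ;;
    esac
    # After the signal, "--" ends options so negative PIDs (process
    # groups) are read as targets, not as another signal.
    if [ "${1:-}" = "--" ]; then shift; fi
    for target in "$@"; do
        printf '%s %s\n' "$sig" "$target"
    done
}

# log_kill: append one record per target, then run the real kill with the
# caller's arguments unchanged.
log_kill() {
    # logname reports the login name, which survives su; fall back to id.
    who=$(logname 2>/dev/null || id -un 2>/dev/null || echo unknown)
    now=$(date '+%Y-%m-%d %H:%M:%S')
    parse_kill_args "$@" | while read -r sig target; do
        printf '%s user=%s ppid=%s signal=%s target=%s\n' \
            "$now" "$who" "$PPID" "$sig" "$target" >> "$KILL_LOG"
    done
    "$REAL_KILL" "$@"
}

# Act as the wrapper only when installed under the name "kill".
case "${0##*/}" in
    kill) log_kill "$@"; exit $? ;;
esac
```

Keep the log in a directory that only root can write to, so the users being monitored cannot edit or remove their own records.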