Modification of logs access tru logging

austere_88 · ‎09-20-2007

Hi, anyone got any ideas do HPUX have this monitoring processs when su or admin user modified the server logs to clear the traces of them accessing the system.

Matti_Kurkela · ‎09-20-2007

Use the network functionality of syslog to send a copy of the log messages to another host, then make sure this user does not have admin access to the system that receives the logs. The admin can stop the sending of the log messages and/or send false ones, but with this setup, he/she cannot remove nor change anything that's already logged.

If someone has root access to a normal HPUX system, he/she can disable any locally-installed monitoring or cause it to produce false information.

MK

MK

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Modification of logs access tru logging

Modification of logs access tru logging

Re: Modification of logs access tru logging