- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: monitor certain system accounts
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2004 04:08 AM
03-15-2004 04:08 AM
We found a tool that goes along with sudo called sudoscript that basically uses a couple of Perl scripts with the "script()" call to monitor everything a person does after the point in which they do a "sudo su -
TIA
Todd
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2004 04:25 AM
03-15-2004 04:25 AM
Re: monitor certain system accounts
Auditing can be configured to monitor certain accounts, but it will produce a lot of logging unless you narrow down what you want audited. Take a look at the auditing man pages or http://docs.hp.com for more info.
regards,
Darren.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2004 04:36 AM
03-15-2004 04:36 AM
Re: monitor certain system accounts
Auditing can monitor most things.
There is also simple monitoring you can do on bad logins or keystrokes. Keystrokes are done by the HISTFILE parameter in profile. logins I check by script.
Attaching....
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2004 10:00 AM
03-18-2004 10:00 AM
Re: monitor certain system accounts
Thanks for the reply, but we are really looking to monitor what users actually do as other users (ie., oracle, root, etc.) when they sudo to these accounts. I know about the HISTFILE. I created a HISTFILE that logged to a different directory that kept a HISTFILE for that user, but the problem is is if they know about the HISTFILE they can just go and "cat /dev/null > $HISTFILE" and now we are left with no proof. Is there a way to do a tee in regards to the HISTFILE?
Todd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2004 11:59 AM
03-18-2004 11:59 AM
Re: monitor certain system accounts
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2004 01:31 PM
03-18-2004 01:31 PM
Re: monitor certain system accounts
You are exactly right. I too hate that it has come to this. That we have to monitor people because they either cannot own up to a mistake or are too stubborn to ask for help and think they need to circumvent the system in order to assist.
I have this tool called sudoscript found at:
http://egbok.com/sudoscript
Here is description of it:
Sudoscriptd/sudoshell are a pair of Perl scripts that provide an audited shell using sudo If you are familiar with sudo, you might well ask "doesn't running a shell under sudo defeat the purpose of the tool?" Yes and no. One reason for running sudo is to limit what commands can be run by users. These scripts do indeed defeat that purpose. But another reason to run sudo is to maintain an audit trail of commands issued by users with root privilege. These scripts preserve that audit trail by logging all terminal output to log files.
The problem with it is it starts up fine but when I try to execute another sudoshell it just hangs there waiting for a process to die. Im not sure why it doesnt work, but still trying to figure it out.
Todd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2004 09:02 PM
03-18-2004 09:02 PM
SolutionThe native auditing feature in HP-UX works, but is a major system hog.
What I recommend is a application called Powerbroker, by a company called Symark (www.symark.com).
It's a very powerful application that allows auditing, resource restrictions, and real-time monitoring of what the user is actually doing. So you can actually see what the user is typing while they're typing it. It's really very powerful.
-Hazem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2004 09:42 PM
03-18-2004 09:42 PM
Re: monitor certain system accounts
This can be done :
With Auditing Enabled through sam,You can use the following commands:
audusr (This command selects users to be
audited)
audevent (Display audit event status )
audmon (sets audit filesize parameters)
audisp (Displays the audit record )
The Audit data is securely stored in /.secure/etc/auditfile1
/.secure/etc/auditfile2
Hope this helps
Regards,
Imran Shaikh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-19-2004 12:11 AM
03-19-2004 12:11 AM
Re: monitor certain system accounts
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-19-2004 03:48 AM
03-19-2004 03:48 AM