HPE Community
Operating System - HP-UX
1831402 Members
3025 Online
110025 Solutions
New Discussion

Re: Monitoring kill execution

 
David_711
Frequent Advisor

‎11-11-2004 02:02 AM

‎11-11-2004 02:02 AM

Monitoring kill execution

I want monitoring the execution of kill command and save the information in a log file. I want monitoring; uid, date, and process that is killed.

Somebody have a script or program that can helpme.

Thanks a lot

David
0 Kudos
Reply
5 REPLIES 5
RAC_1
Honored Contributor

‎11-11-2004 02:06 AM

‎11-11-2004 02:06 AM

Re: Monitoring kill execution

The following is the old post of yours. The ways mentioned in the thread can help you.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-11-2004 02:12 AM

‎11-11-2004 02:12 AM

Re: Monitoring kill execution

First of all, kill is a shell built-in so that in order to make this work (good luck) you would have to ensure that all your users alias kill to use /usr/bin/kill --- and that said alias remains in place (again, good luck). A regular user cannot kill (more properly, signal) a process outside his process group -- only a privilged user can do that. Any priviliged user can easily hide their tracks by editing/removing any log files. Rather than writting a wrapper for /usr/bin/kill, I would write a C substitute but it's still far from foolproof.

This is a case where what is really needed is not a utility but discipline and education.

If it ain't broke, I can fix that.
0 Kudos
Reply
David_711
Frequent Advisor

‎11-11-2004 02:39 AM

‎11-11-2004 02:39 AM

Re: Monitoring kill execution

Rac,
That is true, but not work.
The script not log nothing.

Thanks
David
0 Kudos
Reply
David_711
Frequent Advisor

‎11-11-2004 03:56 AM

‎11-11-2004 03:56 AM

Re: Monitoring kill execution

Hi again.
One question more. I activate the trusted mode in my hpux 11.11 for log only kill command. There is installed sybase and cobis,
But when the service is started the file.log of my kill command register processes killed by sybase.
How do i can do for only log the kill command executed by only the users and not by sybase.
I activated the modes sucessfull and failed kill; and succesfull only separately, but the result is the same.

Any help
Thanks
David
0 Kudos
Reply
RAC_1
Honored Contributor

‎11-11-2004 04:16 AM

‎11-11-2004 04:16 AM

Re: Monitoring kill execution

You can use audusr to audit particular users.
man audusr for details.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.