
Monitoring users

 
SOLVED
Jose Luis
Advisor

Monitoring users

Hello!
I have a question:
How can I know the commands executed by the users in the system (HP-UX 11.0)?
For example, if a file goes missing, how can I know who erased it, or who changed the permissions of a file?
Is there an application or procedure for looking for this activity in the system?
Thanks in advance
The UNIX world is the tenth planet in the solar system
10 REPLIES 10
Justo Exposito
Esteemed Contributor

Re: Monitoring users

Hi Jose Luis,

What about .history file?

Regards,

Justo.
Help is a Beautiful word
Arockia Jegan
Trusted Contributor

Re: Monitoring users

By looking at their history files (.sh_history) you can find out who has made changes to the file. But there are some smart users who modify the history files if they have made some mistakes. Avoiding generic user accounts and giving proper permissions to the files/users will help you figure out who (sometimes a list of users) might have changed the files.
steven Burgess_2
Honored Contributor

Re: Monitoring users

Jose

You have the .sh_history file for each user in their home directories

There are 2 variables in /etc/profile which can control this file

HISTFILE : Contains the name of the history file
HISTSIZE : Shows how many commands are kept in the history file

take your time and think things through
Victor_5
Trusted Contributor

Re: Monitoring users

You can check .sh_history under every user's home directory.
S.K. Chan
Honored Contributor

Re: Monitoring users

The .sh_history in the user's home directory is usually the way to check, but that doesn't mean the user cannot modify or delete any traces from that file.
Holger Knoppik
Valued Contributor
Solution

Re: Monitoring users

Hi Jose,

another suggestion:
Make the script command work for you! You can put it into the user's profile, for example:
---snip---
script -a /var/adm/users/user1.log
---snip---

NOTE that only the script command is terminated when the user types exit. But you can kill the PPID of his shell.

HTH

RGDS, Holger
Live long and prosper!
George Abraham_1
Regular Advisor

Re: Monitoring users

hai

put a line in cron such that it will start a script each time a user logs in.. the script file will have all the commands and their output logged in...

keep smiling
george
keep smiling
Ceesjan van Hattum
Esteemed Contributor

Re: Monitoring users

In reaction to Holger Knoppik, you should not put it in the user profile, but in /etc/profile, which is executed as well and should not be editable by users.

Regards,
Ceesjan
Holger Knoppik
Valued Contributor

Re: Monitoring users

Hi Ceesjan,

I should have known this! OK, by default the user's .profile has permissions r--r--r--. The owner is the user himself. How about a chown root:sys on the .profile? I would check that the script command does not run for root.

Just by the way ;-)

RGDS, Holger
Live long and prosper!
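
Added example, not part of any post in this thread: an /etc/profile fragment that combines the suggestions above (one `script -a` log per user, started from /etc/profile rather than the user's own .profile, and skipped for root). The function names, `AUDIT_DIR` and the `IN_SESSION_LOG` guard variable are assumptions of this example.

```shell
# Added example. AUDIT_DIR, IN_SESSION_LOG and the function names are
# assumptions; /var/adm/users is the directory used in the thread's example.
AUDIT_DIR=${AUDIT_DIR:-/var/adm/users}

# Decide whether this login should be wrapped in script(1).
# $1 = numeric uid, $2 = "tty" when stdin is a terminal
should_record() {
    [ "$1" -ne 0 ] || return 1                  # never wrap root
    [ "$2" = tty ] || return 1                  # skip cron jobs and remote commands
    [ -z "${IN_SESSION_LOG:-}" ] || return 1    # already inside script: no recursion
    return 0
}

# One appended log per user, as in "script -a /var/adm/users/user1.log".
# $1 = login name; unsafe characters (such as "/") are dropped.
session_log_path() {
    name=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._-')
    [ -n "$name" ] || return 1
    printf '%s/%s.log\n' "$AUDIT_DIR" "$name"
}

# Call this as the last line of /etc/profile.
record_session() {
    uid=$(id -u)
    user=$(id -un)
    if [ -t 0 ]; then kind=tty; else kind=none; fi
    should_record "$uid" "$kind" || return 0
    log=$(session_log_path "$user") || return 0
    # Guard in case the shell started by script reads /etc/profile again.
    IN_SESSION_LOG=1
    export IN_SESSION_LOG
    # exec replaces the login shell, so leaving script also ends the login
    # instead of dropping the user into an unrecorded shell.
    exec script -a "$log"
}
```

script runs with the user's own privileges, so the log file has to be writable by that user and can be edited just like .sh_history. Treat it as a convenience record, not as tamper-proof evidence.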
Martin Johnson
Honored Contributor

Re: Monitoring users

You may want to look into accounting to audit some activity.

HTH
Marty