Operating System - HP-UX
1839298 Members
1794 Online
110138 Solutions
New Discussion

Re: Need a software to know who deleted file

 
SOLVED
Go to solution
Safarali
Valued Contributor

Need a software to know who deleted file

Is any software availabe in HP to know who deleted the file or who modified when etc.

because my customer saying that some files are deleted, I could not find any thing in the history file etc.

Regards
Safar
8 REPLIES 8
Peter Godron
Honored Contributor
Solution

Re: Need a software to know who deleted file

Safar,
you should be able to narrow the field by looking at who had the file access rights to delete. Check the directory permissions.

Besides the history files, you could also look at the crontab files and see whether it may have been a automatic job that cleaned up.

Please also read:
http://forums1.itrc.hp.com/service/forums/helptips.do?#33 on how to reward any useful answers given to your questions.

So far you have not awarded any points !
Rasheed Tamton
Honored Contributor

Re: Need a software to know who deleted file

Hi Safar,
If you are really looking the security aspect of the system, I think just look for the baseline related products. Did you check the tripwire, Bastille or HIDS, Intrusion Det. System, etc.

Hope this might give some clues.

Regards,
Rasheed Tamton
Rasheed Tamton
Honored Contributor

Re: Need a software to know who deleted file


How about this link:

http://www.adager.com/VeSoft/HpUxSecurityConcerns.html

Did you check the PDF stuff.

Regards,
Rasheed Tamton.
Ivan Krastev
Honored Contributor

Re: Need a software to know who deleted file

Tripwire now is part from HP-UX Internet Express - http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

regards,
ivan
Steven E. Protter
Exalted Contributor

Re: Need a software to know who deleted file

Shalom from Chicago Safar,

If you convert your system to trusted deleted may be in the audit logs.

Tripwire will work if you know in advance what file you want to track for delete.

You may already have a record of who did what.

The .sh_history file.

If the user profile set HISTFILE there is a record of what was done, sitting right there. The user can manipulate it, but most don't even know it exists.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Emil Velez
Honored Contributor

Re: Need a software to know who deleted file

Depending on your OS version if it is not 11.23 you can convert your system to trusted systems and then turn on auditing of the unlink system call which is what is done with removing a file.

If it is 11.23 there is a new auditing functionality that does not require trusted systems but you will have to use the new SmSE auditing and audit that system call.

The bottom line is that HPUX comes with the functionality.. It will utilize some resources to turn on auditing but if you need that or other auditing you will need to do it.

Good Luck

Emil
DavidJ
Regular Advisor

Re: Need a software to know who deleted file

Safar,

I am using a product from a local, South African, company which monitors my file systems and can inform me of changes to critical files and who changed it. Another feature of one of their products is a recycle bin for HPUX, not only does this allow you to get back any file that was deleted but it also holds a log of who deleted what.

If you would like to know more about this, then we could take it off line.

David
Everyday I beat my own previous record for number of consecutive days I've stayed alive.
Safarali
Valued Contributor

Re: Need a software to know who deleted file

Thanks for the support