08-25-2003 08:18 AM
Recording events/commands/history of particular accounts
Also, how can I increase/decrease the number of entries kept in the history file?
I have been reading a lot about auditing (we do have our systems in trusted mode), however the size of the logs created is huge and the information within them many times is quite difficult to read... Plus much of it is more than what I really need, and the overhead, oh the overhead on the system.
I would prefer to set this in a place aside the .profile of each user, since it is a few of them, but not all of the accounts will be audited this way. Please share your ideas, thanks!
08-25-2003 08:26 AM
Re: Recording events/commands/history of particular accounts
First, to increase/decrease the size of the history file, use the HISTSIZE variable: "export HISTSIZE=500" will keep 500 entries.
Second, since you want timestamps, the only way to get "history" is going to be through the system's accounting functions. If you can get along without timestamps, you might want to look at the script command. Putting something like "script /tmp/histfile.$(whoami)" in their startup script (profile or whatever) will give you a complete history, both input and output, of everything they do.
Pete
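An added example, not part of the original posts: a set of functions for /etc/profile that start `script` only for accounts named in a list file, which is what the question asked for, and put the login time in the file name. The names `AUDIT_LIST`, `AUDIT_DIR`, `SCRIPT_ACTIVE` and the two paths are assumptions made for this sketch, not HP-UX defaults.

```shell
# Added example (not from the thread). Paths and variable names are assumed.
AUDIT_LIST=${AUDIT_LIST:-/etc/script_users}    # one login name per line
AUDIT_DIR=${AUDIT_DIR:-/var/adm/sessionlogs}   # must exist and be writable
                                               # by the recorded accounts

# Succeeds only when the exact login name is listed (fixed string, whole
# line), so "ma" does not match an entry for "mad".
is_audited() {
    [ -r "$AUDIT_LIST" ] && grep -Fqx -e "$1" "$AUDIT_LIST"
}

# One file per login: <dir>/<user>.<YYYYMMDD-HHMMSS>.<pid of login shell>
session_log() {
    echo "$AUDIT_DIR/$1.$(date +%Y%m%d-%H%M%S).$$"
}

# Call as the last line of /etc/profile:   start_recording "$LOGNAME"
start_recording() {
    [ -n "$SCRIPT_ACTIVE" ] && return 0   # already inside script: do not nest
    [ -t 0 ] || return 0                  # no terminal: nothing to record
    is_audited "$1" || return 0           # account is not on the list
    SCRIPT_ACTIVE=1
    export SCRIPT_ACTIVE
    # script starts a new $SHELL (not a login shell); the session ends
    # when that shell exits because exec replaced the login shell.
    exec script "$(session_log "$1")"
}
```

The typescript is created by, and owned by, the account being recorded, so that user can edit or delete it; treat it as a convenience record next to system accounting, not as a tamper-evident audit trail.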
08-25-2003 08:34 AM
Re: Recording events/commands/history of particular accounts
Where do I set the HISTSIZE globally? For all users instead of per session?
Also, is there a place where I can place the "script" command so that it will create a record for all users logging in too? I guess I could use some sort of time stamp per time period (like add date and time to the specific histfile created), so that if they log in and out multiple times in a day at least I have an idea of the time frames when the commands took place. Also, why am I getting recorded a CR character in the history using script?
See this example from a short session:
===========================================
Script started on Mon Aug 25 12:00:54 2003
# pwd^M
/home/mad^M
# cd /^M
# q^H ^H^M
# pwd^M
/^M
# pwd^M
/^M
# cd hom^H ^H^H ^H^H ^H/home/mad^M
# pwd^M
/home/mad^M
# ls -^H ^H-la^M
total 5468^M
drwxr-xr-x 6 mad dba 3072 Aug 24 16:09 .^M
drwxr-xr-x 19 mad dba 1024 Aug 23 16:31 ..^M
-rw-r--r-- 1 mad dba 814 Apr 14 2002 .cshrc^M
drwx------ 2 mad dba 96 Aug 4 2002 .elm^M
===========================================
Thanks!
08-25-2003 08:59 AM
Re: Recording events/commands/history of particular accounts
export HISTFILE=$HOME/.sh_history
Just to be sure, create the shell history file in every user's directory. Assuming (again) that all users have their HOME in the /home directory, do this one time:
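umask 077
export PATH=/usr/bin
for MYHOME in /home/*
do
    # the login name is assumed to equal the directory name under /home
    MYUSER=$(basename "$MYHOME")
    touch "$MYHOME/.sh_history"
    # chown the file just created in $MYHOME, not the caller's own $HOME
    chown "$MYUSER" "$MYHOME/.sh_history"
done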
08-25-2003 09:02 AM
Re: Recording events/commands/history of particular accounts
echo "export HISTSIZE=500" >> /etc/profile
That will set it for you and the next time someone logs in they will have the new HISTSIZE size of 500 lines.
08-25-2003 09:13 AM
Re: Recording events/commands/history of particular accounts
>Where do I set the HISTSIZE globally? For all users instead of per session?
As others said - use /etc/profile.
>Also, is there a place where I can place the "script" command so that it will create a record for all users logging in too?
Once again, if it's for all users, you're going to need to set it up in /etc/profile. For individual users, you can put it in their $HOME/.profile.
>Also, why am I getting recorded a CR character in the history using script?
I'm afraid that's the nature of the script command, you're seeing every keystroke, the backspaces, the carriage returns, everything. Admittedly, it makes it a little awkward to read.
I also just did a little experiment, putting the script command in /etc/profile, then logging in via CDE - it doesn't really work too well. The script file gets created but none of the commands that I execute in various dtterm windows get recorded. I think in this case you would have to add a script command to the button you use to raise the dtterm window.
Pete
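An added example, not part of the original posts: since `script` stores every keystroke, a small filter can apply the recorded backspaces (^H) and drop the carriage returns (^M) to make the file readable, then keep only the lines typed at the prompt. The function names are made up for this sketch, the sample is reconstructed from the session quoted earlier in the thread, and matching on the prompt string `# ` is a heuristic.

```shell
# Added example (not from the thread). Reads a typescript on stdin.

# Apply each ^H by erasing the previous character and drop every ^M.
clean_typescript() {
    awk '
    {
        out = ""
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\b")
                out = substr(out, 1, length(out) - 1)
            else if (c != "\r")
                out = out c
        }
        print out
    }'
}

# Keep only what was typed after the prompt string given as $1.
# Heuristic: command output that starts with the prompt would match too.
typed_commands() {
    clean_typescript | awk -v p="$1" '
    index($0, p) == 1 {
        cmd = substr($0, length(p) + 1)
        if (cmd != "") print cmd
    }'
}

# Constructed sample: a few lines of the quoted session with real control
# characters (\b is ^H, \r is ^M).
sample_typescript() {
    printf '# pwd\r\n/home/mad\r\n# q\b \b\r\n'
    printf '# cd hom\b \b\b \b\b \b/home/mad\r\n'
    printf '# ls -\b \b-la\r\ntotal 5468\r\n'
}

sample_typescript | typed_commands '# '
```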
08-25-2003 07:10 PM
Re: Recording events/commands/history of particular accounts
You may want to try samlog_viewer. For more information, refer to:
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B3921-90010/B3921-90010_top.html&con=/hpux/onlinedocs/B3921-90010/00/03/317-con.html&toc=/hpux/onlinedocs/B3921-90010/00/03/317-toc.html&searchterms=samlog_viewer&queryid=20030825-210706
Hope this helps.
Regards,
Hemanth