Script to capture the commands run by users
04-15-2010 02:36 PM
I am trying to write a script which captures the commands run by other users in the system.
One way of doing this is by copying the history file of that user at a regular interval of time.
Do we have a better way of doing this? I am looking to capture the command and the time it was run.
Regards,
Druva
04-15-2010 02:57 PM
Solution
Using the '.sh_history' file to monitor who did what isn't a guaranteed audit by any means. A user can truncate or remove the '.sh_history' to obliterate a record of what was performed.
Turning on auditing is one way to see who/what but then this has overhead that may be more than it's worth.
If your system is well configured (secured) then the ability to inflict real damage is confined to the 'root' account. Securing the use of that account is paramount.
Regards!
...JRF...
04-15-2010 03:11 PM
Re: Script to capture the commands run by users
You need to be root to pull this off.
Check the user profile .profile
See what HISTFILE is set to.
Copy that file to your repository.
I suggest giving it a unique name so you can tell who did what.
Setting the HISTFILE variable is all you need to do to capture keystrokes by users.
However, a user can alter his own HISTFILE, which is usually .sh_history. If you are looking for activity that should not be happening, the smart malicious user will edit the .sh_history file after they do whatever badness they do.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
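The copy-to-a-repository steps above, extended to flag the truncate-or-remove case both replies warn about, as an added example that is not code from any poster. The repository path `/var/adm/histrepo`, the `REPO` and `PASSWD_FILE` variables and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. REPO and PASSWD_FILE are assumed names.
REPO=${REPO:-/var/adm/histrepo}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Resolve a history file: last literal HISTFILE= line in .profile, else the
# .sh_history default. Only plain assignments and $HOME are understood.
hist_path() {
    hp_home=$1
    hp_val=""
    if [ -r "$hp_home/.profile" ]; then
        hp_val=$(sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}HISTFILE=//p' \
            "$hp_home/.profile" | tail -n 1 | tr -d "\"'" |
            sed -e 's/[;[:space:]].*$//' -e "s|\${HOME}|$hp_home|" -e "s|\$HOME|$hp_home|")
    fi
    echo "${hp_val:-$hp_home/.sh_history}"
}

# Copy one user's history to $REPO/<user>.<timestamp> and print a status:
# NONE (no file yet), NEW, OK, SHRUNK (fewer bytes than last run) or MISSING.
snapshot_user() {
    su_user=$1
    su_file=$(hist_path "$2")
    su_state="$REPO/$su_user.size"
    su_prev=""
    if [ -f "$su_state" ]; then su_prev=$(cat "$su_state"); fi
    if [ ! -f "$su_file" ]; then
        # Seen on an earlier run and gone now: the removal case from the thread.
        if [ -n "$su_prev" ]; then echo MISSING; else echo NONE; fi
        return 0
    fi
    su_size=$(wc -c < "$su_file" | tr -d ' ')
    cp -p "$su_file" "$REPO/$su_user.$(date +%Y%m%d%H%M%S)"
    echo "$su_size" > "$su_state"
    if [ -z "$su_prev" ]; then echo NEW
    elif [ "$su_size" -lt "$su_prev" ]; then echo SHRUNK
    else echo OK
    fi
}

# Snapshot every account in the passwd file, one "user status" line each.
snapshot_all() {
    mkdir -p "$REPO" && chmod 700 "$REPO"
    while IFS=: read -r sa_user sa_x sa_x sa_x sa_x sa_home sa_x; do
        [ -d "$sa_home" ] || continue
        echo "$sa_user $(snapshot_user "$sa_user" "$sa_home")"
    done < "$PASSWD_FILE"
}
if [ "${1:-}" = "run" ]; then snapshot_all; fi
```

Saved under a name of your choosing and run from root's cron with the `run` argument, it prints one status line per account. SHRUNK or MISSING is a lead to check against the earlier copies in the repository, not proof of tampering.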
04-15-2010 03:37 PM
Re: Script to capture the commands run by users
Yes, I agree with the points; that's why I am in the forum looking for a better way to monitor/capture commands run by users in the system.
I am a root admin, and I can see that somebody has done some mischief on the system and I am not able to trace it.
Please help me with a script or a way to do it.
Thanks again,
Druva
05-05-2010 09:26 AM