
Re: security problem

 
SOLVED
chuanpeng.wang
Frequent Advisor

security problem


The customer wants to log everything that the users do on the system, such as who, when login and logoff, what he does, etc.

Can we do this without third-party software?
Is nettl or the auditing system for this?

Thanks.
Yang Qin_1
Honored Contributor

Re: security problem

You can find login/logout information with last (lastb for bad logins) if you haven't cleaned your /var/adm/wtmp and /var/adm/btmp.

You can check the user's .sh_history file for all commands he/she typed, but there is no time stamp.

You can also turn on the system audit from sam.

Yang
rariasn
Honored Contributor

Re: security problem

Hi chuanpeng.wang,

Modify /etc/rc.config.d/netdaemons file and include:

export INETD_ARGS="-l"


Restart the "inetd" daemon with option "-l":

# ps -ef|grep -i inet
root 1452 1 0 Sep 21 ? 1:10 /usr/sbin/inetd -l

rgs,

rariasn
Honored Contributor

Re: security problem

Sorry,

View information in /var/adm/syslog/syslog.log file. Sample ssh login:

Oct 13 10:03:11 minerva sshd[2229]: Accepted publickey for user from 172.16.0.41 port 54829 ssh2

rgs
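
An added example, not part of the thread: a small shell filter that turns sshd entries like the sample line above into a who/when/from-where list and counts failed attempts per source address. It assumes the OpenSSH "Accepted"/"Failed" message layout shown in that sample; the log lines, the names user2 and guest, and the address 172.16.0.77 are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sshd login events from syslog-format input.
# Output per event: <month> <day> <time> <result> <method> <user> <source-ip>

ssh_login_events() {
    # Reads the files given as arguments (on HP-UX, per the post above,
    # /var/adm/syslog/syslog.log) or standard input when none are given.
    awk '
        $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
            # Find "from" by keyword: a failed login for an unknown account
            # reads "for invalid user NAME from ...", which shifts the fields.
            for (i = 10; i < NF; i++)
                if ($i == "from") {
                    print $1, $2, $3, $6, $7, $(i - 1), $(i + 1)
                    break
                }
        }
    ' "$@"
}

ssh_failed_by_source() {
    # Count failed attempts per source address: "<source-ip> <count>"
    ssh_login_events "$@" |
        awk '$4 == "Failed" { n[$7]++ } END { for (ip in n) print ip, n[ip] }' |
        sort
}

sample_log() {
    # Constructed sample lines (assumed OpenSSH message layout).
    cat <<'EOF'
Oct 13 10:03:11 minerva sshd[2229]: Accepted publickey for user1 from 172.16.0.41 port 54829 ssh2
Oct 13 10:05:42 minerva sshd[2301]: Failed password for invalid user guest from 172.16.0.77 port 40112 ssh2
Oct 13 10:06:02 minerva sshd[2301]: Failed password for user2 from 172.16.0.77 port 40112 ssh2
Oct 13 10:08:00 minerva sshd[2229]: Received disconnect from 172.16.0.41: 11: disconnected by user
Oct 13 11:15:09 minerva sshd[2410]: Accepted password for user1 from 172.16.0.41 port 54901 ssh2
EOF
}

sample_log | ssh_login_events
sample_log | ssh_failed_by_source
```

These records cover logins only; they say nothing about what a user ran after logging in.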
Bill Hassell
Honored Contributor
Solution

Re: security problem

These commands will help. Assuming the user logs on as user1:

last -R user1
cat ~user1/.sh_history

Now these are not a complete picture at all. For instance, the user may edit a file with vi, then issue the vi command :!sh and now the user can run any commands without a trace.

You could set up the script command to track all the keystrokes and text sent to the screen but plan to spend a lot of time looking over all the output. It sounds like your customer does not trust a user. Rather than fixing the blame due to a mistake, tell your customer to create a safe menu rather than giving the problem user(s) a shell login.


Bill Hassell, sysadmin
David Bellamy
Respected Contributor

Re: security problem

When the user is created, add the script command in their profile.