
Server root access issue

 
bhupals
Occasional Contributor

Hi,
In my organization there are three system admins and everyone has the root password. I want to know how many times they are accessing the system and what commands they are running on the system, because the server is very critical. How can we track it?

Please help me if possible.



Thanks

Bhupal Singh
2 REPLIES
Steven E. Protter
Exalted Contributor

Re: Server root access issue

Shalom Bhupal,

Few ideas:

1) User is forced to log on as himself/herself and then su - root. The logging is done to a different file based on the who am i output.

# in profile
H1=$(who am i | awk '{print $1}')
HISTFILE=".sh_history${H1}"

This gives a different file depending on what the originating user is.

To make this work, you MUST disable direct root login.

2) Several user IDs with ID zero that have their own home directories and HISTFILE(s).
This is a security problem, and even though we do it where I work, I'd go for option 1.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Darrel Louis
Honored Contributor

Re: Server root access issue

Hi,

There is no need for them to know the root password. If you implement sudo they can become root and perform their work.
When implementing sudo you also need to modify the /etc/profile so that you can keep track of what they are doing.
if [ `whoami` = "root" ]
then
    export HISTFILE=~/.hist.sa.`logname`
else
    export HISTFILE=~/.hist.`logname`
fi
But keep in mind that the history file isn't keeping track of when a command was executed.

Good luck

Darrel
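
Added example, not part of either reply: with the sudo approach suggested above, sudo's own syslog entries carry the timestamp that the history file lacks, so they can answer "how many times" and "which commands" per admin. The sketch assumes sudo logs through syslog in its default line format; the log lines, host name and user names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of sudo syslog entries (host, users and commands are invented).
sample_sudo_log() {
cat <<'EOF'
Mar  3 09:12:44 dbhost sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/lvextend -L 2048 /dev/vg01/lvol3
Mar  3 09:40:02 dbhost sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vi /etc/hosts
Mar  3 10:05:19 dbhost sudo:    alice : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/su -
Mar  3 11:30:57 dbhost sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 11:31:10 dbhost sshd[2211]: Accepted password for bob from 192.0.2.10 port 50122 ssh2
EOF
}

# stdin: syslog text. stdout: time<TAB>user<TAB>status<TAB>kind<TAB>command
sudo_events() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && index($0, "COMMAND=") {
        cmd = substr($0, index($0, "COMMAND=") + 8)
        status = "ok"
        if ($0 ~ /command not allowed|NOT in sudoers|incorrect password/)
            status = "DENIED"
        # A root shell started through sudo hides everything typed inside it.
        kind = (cmd ~ /^(\/[^ ]*\/)?(su|sh|ksh|bash)( |$)/) ? "SHELL" : "CMD"
        printf "%s %s %s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $6, status, kind, cmd
    }'
}

# Per-admin totals: attempts, denials, and root shells opened.
sudo_summary() {
    sudo_events | awk -F'\t' '
        { n[$2]++; if ($3 == "DENIED") d[$2]++; if ($4 == "SHELL") s[$2]++ }
        END { for (u in n)
                  printf "%s attempts=%d denied=%d shells=%d\n", u, n[u], d[u], s[u] }
    ' | sort
}

sample_sudo_log | sudo_summary
```

A `sudo su -` appears as a single entry, so commands typed inside that shell are visible only through the per-user HISTFILE set in the profile snippets above.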