Operating System - HP-UX

Track root login through CDE etc

Faizer Jameel
Frequent Advisor

Track root login through CDE etc

Dear All
I have multiple system admins and I have managed to track each root access by setting the .profile to log the history of each user's activity when they su to root
by doing the following.
HISTFILE=/.hist/${HOME}/`who am i|awk '{ print $1}'`-`date +%d:%m:%y.%H:%M`
export HISTFILE
HISTSIZE=500
export HISTSIZE

This does not track the activities if the user has logged in through CDE or any desktop environment [like reflection, xbrowser etc.] terminal.
I need to know how to track the activities of root when they are logged in through CDE or any desktop client.
Thank you all
Faizer
Steven E. Protter
Exalted Contributor

Re: Track root login through CDE etc

Shalom,

.dtprofile needs to be altered.

It can be altered to always source /etc/profile or to generate its own logs.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Faizer Jameel
Frequent Advisor

Re: Track root login through CDE etc

Hi Steven
How is it done... Can I have the steps for it. I am on my system and can try it.
I have the following lines in .dtprofile of the root user.

HISTFILE=/.hist/${HOME}/`who am i|awk '{ print $1}'`-`date +%d:%m:%y.%H:%M`
export HISTFILE
HISTSIZE=500
export HISTSIZE

Senthil Kumar .A_1
Honored Contributor
Solution

Re: Track root login through CDE etc

Hi Jameel,

In the root's home directory, edit .dtprofile file and include the following line..

DTSOURCEPROFILE="true"


After saving, login through CDE session for root and check, I think the history part should work fine as expected.

Regards,
Senthil Kumar .A
----------------------------------

WARNING:

If you plan to source your .profile or .login script, you should first modify it so that it can be used in both CDE and non-CDE environments by enclosing CDE-only and non-CDE-only commands in if blocks that test the variable $DT.

e.g. ...

if [ ! "$DT" ]; then
    # Commands and environment variables used when logging
    # into a non-CDE session
    stty ...
    tset ...
fi
# Commands and variables common to both CDE and non-CDE sessions
PATH=$HOME/bin:$PATH
DISPLAY=mydisplay:0
MAIL=/usr/bin/mail/$USER
EDITOR=/usr/bin/vi
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
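The profile logic from the posts above, collected into one fragment as an added example (not code from any poster in this thread): it builds the per-admin history file name from the first post and shows where the $DT guard goes once .dtprofile sources the profile. The function names, the sanitizing step and the fallback to logname and "unknown" are assumptions.

```shell
# Added example: per-admin root history for login, "su -" and CDE sessions.
# Function names and the logname/"unknown" fallback are assumptions.

# Reduce a login name to characters that are safe in a file name.
sanitize_name() {
    printf '%s\n' "$1" | sed 's/[^A-Za-z0-9._-]/_/g'
}

# Name of the admin who originally logged in. "who am i" can print
# nothing when the shell has no terminal entry, so fall back.
hist_owner() {
    owner=`who am i 2>/dev/null | awk '{ print $1 }'`
    [ -n "$owner" ] || owner=`logname 2>/dev/null` || owner=
    [ -n "$owner" ] || owner=unknown
    sanitize_name "$owner"
}

# <base>/<admin>-<dd:mm:yy.HH:MM>, the naming used in the first post.
hist_path() {
    printf '%s/%s-%s\n' "$1" "$2" "`date +%d:%m:%y.%H:%M`"
}

# Create the directory root-only, then export the history settings.
setup_root_hist() {
    base=${1:-/.hist}
    mkdir -p "$base" || return 1
    chmod 700 "$base" || return 1
    owner=`hist_owner`
    HISTFILE=`hist_path "$base" "$owner"`
    HISTSIZE=500
    export HISTFILE HISTSIZE
}

# Usage in root's .profile (read by CDE too once .dtprofile has
# DTSOURCEPROFILE="true"):
#   if [ ! "$DT" ]; then
#       : # terminal-only commands (stty, tset) go here
#   fi
#   setup_root_hist /.hist
```

The time stamp in the file name records only when the session started; the history entries themselves carry none.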
Faizer Jameel
Frequent Advisor

Re: Track root login through CDE etc

Hi Senthil
I had already uncommented the line as you mentioned, by going thru the notes on the .dtprofile. It logs the activities in the history file that is being setup.
I have also setup the xtstartup so that root would not be able to login thru the terminal/desktop.
It does work and the History too works.

Senthil ... anyway you would have the points as this would help many others too.

The su root command does not log the history but su - root logs the history of the user.
Any idea to trap this.
Thanks for your help and time. The points are on.
Senthil Kumar .A_1
Honored Contributor

Re: Track root login through CDE etc

Hi,

The diff b/w "su" and "su - root" being, all the startup scripts are sourced in the latter case and does not source it in former, hence the history file is not filled, because, the HISTFILE variable of the normal user who "su"ed is still used for history purposes. Try checking the history file of the normal user for the commands used. The other work around might be to provide a wrapper to "su" command. Though I haven't tried this option.

But anyway. I have a better suggestion instead of "su". Instead of having multiple users having to login as root, you can implement a free product that is available nowadays, which is more effective in tracking not only the command but also the user who keyed in with time stamp. The product I'm talking about is "sudo". If you noticed, History facility does not have time stamp embedded in it.

You can download sudo from the following link..

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p9/

Regards,
Senthil Kumar .A
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
Faizer Jameel
Frequent Advisor

Re: Track root login through CDE etc

Hi Senthil
I will try this.
Thanks a lot
keep in touch if possible.
[fjameel@hotmail.com]