
Re: UNIX Shell Logging

 
Johnny2009
Occasional Contributor

UNIX Shell Logging

Hi,

Can someone recommend a product that would allow me to log details of users' shell sessions? A bit like an expanded .sh_history file with timestamps for each command, and also details of commands entered in sessions with databases and other tools launched from the shell.

TIA

Johnny
7 REPLIES
Suraj K Sankari
Honored Contributor

Re: UNIX Shell Logging

Hi,

Enable auditing into your server...

Suraj
Ganesan R
Honored Contributor

Re: UNIX Shell Logging

Hi Johnny,

Then you should go for auditing enabled.

Refer to these links for more details:

http://docs.hp.com/en/5992-3387/ch10.html

http://docs.hp.com/en/B2355-90121/index.html
Best wishes,

Ganesh.
Steven E. Protter
Exalted Contributor

Re: UNIX Shell Logging

Shalom Johnny,

I would go with auditing for the server as recommended above.

I will however explain why.

.sh_history is a wonderful file, but in order to log people's actions they need read-write permission to the files.

This means they can alter the contents.

Auditing collects data in a file that only root can access. Therefore a user trying to cover their tracks or mistake cannot.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
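
The point made in the post above about .sh_history, as an added example that is not part of the original thread: a POSIX shell check that reports, for each home directory, whether the history file can still be rewritten by its owner or holds no usable record. The function names, verdict strings and the base-directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify each user's .sh_history by
# how far it can be trusted as an activity record. Names are hypothetical.

history_verdict() {
    f=$1
    # A symlink means the real content lives elsewhere; treat as unreliable.
    if [ -L "$f" ]; then
        echo "symlink"; return 0
    fi
    if [ ! -f "$f" ]; then
        echo "missing"; return 0
    fi
    if [ ! -s "$f" ]; then
        echo "empty"; return 0
    fi
    # First field of `ls -ld` is the mode string, e.g. -rw-------.
    # Character 3 is the owner's write bit; read it from the mode rather
    # than with `test -w`, which answers for the caller (often root).
    mode=$(ls -ld "$f" | awk '{print $1}')
    owner_w=$(printf '%s' "$mode" | cut -c3)
    if [ "$owner_w" = "w" ]; then
        echo "owner-writable"; return 0
    fi
    echo "read-only"
}

# Walk the home directories under $1 and print "<user> <verdict>" per line.
scan_homes() {
    base=$1
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        printf '%s %s\n' "$(basename "$home")" \
            "$(history_verdict "$home/.sh_history")"
    done
}

# Stand-alone use: pass the directory that holds the home directories.
if [ $# -gt 0 ]; then
    scan_homes "$1"
fi
```

In normal operation every populated history file reports owner-writable, which is why the audit trail rather than the history file is the record to rely on.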
Mel Burslan
Honored Contributor

Re: UNIX Shell Logging

If you are looking for an enterprise level solution with logging to remote server, where even the root user does not have direct access to, unlike auditing, I'd suggest using PowerBroker from Symark Software.
________________________________
UNIX because I majored in cryptology...
Johnny2009
Occasional Contributor

Re: UNIX Shell Logging

Thanks for the response guys. Appreciate it.
Olivier Masse
Honored Contributor

Re: UNIX Shell Logging

Some places force everyone to run root commands using RBAC or sudo. But that's very intrusive, I don't like that solution.

Something more transparent consists of using the auditing subsystem to log most exec() calls and you would have the equivalent of what you're looking for, i.e. a timestamp, a command, and a username.

If on the other hand you want to log complete interactive sessions, meaning you would like to be able to play back what users did on their terminal and see what they saw, there is something now that does this and it's better than using script(1). I saw at HPTF2009 (in a non-NDA session) that HP developed such a tool, but I was not able to download Ron's slides so I don't know if it's available yet and what it's called.

Good luck
Johnny2009
Occasional Contributor

Re: UNIX Shell Logging

OK - so I have started the auditing system taking mostly default parameters, but did extend the list of events within /etc/rc.config.d/auditing:
AUDEVENT_ARGS1="P -e login -e admin -e delete -e modaccess -e open"

I then logged into the system via telnet, touched a file, vi the file, then rm the file, then logged out.

Yet, when I then view the audit trail using audisp, I only see my login, but no other activity.

I thought that the event list provided within the AUDEVENT_ARGS1 list would have captured all my events?

Any ideas where I have gone wrong on this one?

thanks
Johnny