HPE Community
Operating System - HP-UX
1827680 Members
3252 Online
109967 Solutions
New Discussion

Re: user session logs

 
SOLVED
Go to solution
Michael G Jaynes
Advisor

‎08-15-2008 06:28 AM

‎08-15-2008 06:28 AM

user session logs

Because of SOX, we are no longer able to login as user root. However, the other sys admin and I login as our usernames and then su to the root account to perform most of our work. We use a SSH terminal session to login. Is there a way to prevent the root account from logging in this manner. I wouls like to give a screenshot to the suditors to prove we are no longer logging in with the root account. They say it is okay that we su to the account. Also am looking in to the logs from user sessions and when I su to root, it logs a login, so I am not sure how to prove that we are no longer loggin in.
0 Kudos
Reply
13 REPLIES 13
Aneesh Mohan
Honored Contributor

‎08-15-2008 06:41 AM

‎08-15-2008 06:41 AM

Re: user session logs

Hi,

Install SUDO software and configure the super user access to various accounts on sudo configuration file using "visudo".

Thanks,
Aneesh


0 Kudos
Reply
candlejack
Advisor

‎08-15-2008 06:41 AM

‎08-15-2008 06:41 AM

Re: user session logs

In /var/adm/syslog/syslog.log you can see who is switching users. For example, when I su to root I get an entry like this:

Aug 15 10:29:07 freddub su: + tZ matt-root

That shows that user "matt" is switching to "root," and not logging in directly.
"The future starts today, not tomorrow." -Pope John Paul II
0 Kudos
Reply
Prashanth Waugh
Esteemed Contributor

‎08-15-2008 07:10 AM

‎08-15-2008 07:10 AM

Re: user session logs

Hi Michal
Check the su log the path is /var/adm/sulog
also check user history file which will be in his /home directory.

Regards
Atul
For success, attitude is equally as important as ability
0 Kudos
Reply
Prashanth Waugh
Esteemed Contributor

‎08-15-2008 07:15 AM

‎08-15-2008 07:15 AM

Re: user session logs

Hi ,

Check the /var/adm/wtmp and /var/adm/utmp
for user logs

Reagrds
Atul
For success, attitude is equally as important as ability
0 Kudos
Reply
Deepak Kr
Respected Contributor

‎08-15-2008 05:32 PM

‎08-15-2008 05:32 PM

Re: user session logs

Try using sudo for all sysadmin tasks for which you require root level priviledges.

Stopping root loggin whenever you switch to root id is not a good idea keeping security of box in mind.

sudo is freely available and easy to configure ...

regds...DK
"There is always some scope for improvement"
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎08-15-2008 07:42 PM

‎08-15-2008 07:42 PM

Solution

Re: user session logs

I think everyone has missed the point so far.

To disallow root from connecting via ssh you need to modify the sshd_config file and set the option 'PermitRootLogin' to NO'.

Information available here:
http://docs.hp.com/en/5992-4213/apas02.html#v1229989

(Search for PermitRootLogin. There is also a sample sshd_config file at the bottom of the page.)
Reply
George_Dodds
Honored Contributor

‎08-16-2008 03:24 AM

‎08-16-2008 03:24 AM

Re: user session logs

Patricks hit the nail on the head.

In my last role we had to implement the same thing for SOX, you might well find that an auditor will come to keep you company while you run through a set of tasks for them.

We also had to run a script they gave us which checked system security.

At least that was the case the last 3 audits i had to deal with.
0 Kudos
Reply
Michael G Jaynes
Advisor

‎08-18-2008 07:18 AM

‎08-18-2008 07:18 AM

Re: user session logs

Thanks Patrick. That is exactly what I was looking for.
0 Kudos
Reply
Michael G Jaynes
Advisor

‎08-18-2008 07:31 AM

‎08-18-2008 07:31 AM

Re: user session logs

However I do not have that file at the path specified. I have 4 of them. Is the path different if I am on HP-UX 11.23?
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎08-18-2008 07:36 AM

‎08-18-2008 07:36 AM

Re: user session logs

My sshd_config file is in /etc/opt/ssh.

Note that there is an sshd_config and an ssh_config (without the 'd').

Details on each are available in the man pages (man ssh_config ; man sshd_config). In a nutshell ssh_config is the client config. sshd_config is the ssh daemon config file.
0 Kudos
Reply
Michael G Jaynes
Advisor

‎08-18-2008 07:38 AM

‎08-18-2008 07:38 AM

Re: user session logs

I see.
I've got
/opt/ssh/etc/sshd_config
/opt/ssh/newconfig/opt/ssh/etc/sshd_config
/opt/ssh/src/ssh/etc/sshd_config
/opt/ssh/src/ssh/sshd_config

I am about to see if I can figure out what each is. Thanks for the help.

Michael
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎08-18-2008 07:45 AM

‎08-18-2008 07:45 AM

Re: user session logs

Shalom,

We are under SOX and still allowed to login under root. Hmmm.

http://www.hpux.ws/?p=19

That can create key exchange only root access system to system and comply with your auditors interpretation of SOX

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎08-18-2008 08:21 AM

‎08-18-2008 08:21 AM

Re: user session logs

>>/opt/ssh/etc/sshd_config
It should be this one.

>>/opt/ssh/newconfig/opt/ssh/etc/sshd_config
This is a sample file.

>>/opt/ssh/src/ssh/etc/sshd_config
>>/opt/ssh/src/ssh/sshd_config
Did you comple from source? These appear to be part of the source code.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.