user tracking

I am looking for some info regarding user tracking on an HP 9000 server running HP-UX 10.20. We have more than 250 users on this server. Recently we noticed a couple of users trying to get into other users' home folders and copying files to others' home directories, etc. When we noticed that, we changed the rights on the home directories and made them read-only to all others other than the owner. My question is: is there a way we can monitor the users' activity on the server? I saw under SAM there is an Audited Users. Is this something I can use to see the users' activity?

6 REPLIES
Sandip Ghosh
Honored Contributor

Re: user tracking

I think you need to change your system to a trusted system to take the advantage of that.

Sandip
Good Luck!!!
PIYUSH D. PATEL
Honored Contributor

Re: user tracking

Hi,

Go to SAM and then convert your system to a Trusted System.

Piyush
Arockia Jegan
Trusted Contributor

Re: user tracking

Hi,

Convert the system to a trusted system:

#/usr/lbin/tsconvert -c

or

Do it through sam...

Then turn on the auditing...
Martin Johnson
Honored Contributor

Re: user tracking

Take care when you turn on auditing. If you audit everything you will need Gigabytes/Terabytes worth of storage for the audit log. Select carefully what you want to audit.

HTH
Marty
A. Clay Stephenson
Acclaimed Contributor

Re: user tracking

The first thing that I would do is change the permissions on home directories to something more restrictive.
If it ain't broke, I can fix that.
Bill Hassell
Honored Contributor

Re: user tracking

Unfortunately, the default permissions on an unmodified HP-UX box are not suitable for multiple users. umask is 00 which means that all root-created files and directories cannot be trusted and users will have the same problem: files=666, directories=777

First, explicitly set:

umask 077

in /etc/profile and /etc/csh.login

Then, change all /home/* directories to 700 and remove rw privileges for all files and directories in every user directory. Users can then give away permissions if they really want to, never by default.

To answer the question about watching the user activities, look at the .sh_history file in their $HOME directory. If the user is covering their tracks by zeroing this file or running a non-history shell like /usr/old/bin/sh, then you have a much bigger problem--the user is purposely trying to hack your system.


Bill Hassell, sysadmin
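
The home-directory clean-up described in the reply above, written out as an added example that is not part of the original thread: it reports which home directories and files are still open to group/other, then applies the 700 / go-rw change. The function names are hypothetical, and the base directory is passed as an argument rather than hard-coded.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Uses only POSIX sh, ls, cut, find and chmod so it stays portable to older systems.

# Print each home directory under $1 that grants any group/other access.
loose_homes() {
    for d in "$1"/*; do
        # Skip non-directories and symlinks (a link could point outside the base).
        [ -d "$d" ] && [ ! -h "$d" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$d" | cut -c5-10)
        [ "$bits" = "------" ] || echo "$d"
    done
}

# Print every file or directory inside the home directories that group or
# other can read or write. Run this first to review what will change.
loose_files() {
    for d in "$1"/*; do
        [ -d "$d" ] && [ ! -h "$d" ] || continue
        find "$d" ! -type l \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
    done
}

# Apply the change: 700 on each home directory, then strip group/other
# read and write from everything below it. Symlinks are skipped because
# chmod on a link changes the link's target, which may be a system file.
tighten_homes() {
    for d in "$1"/*; do
        [ -d "$d" ] && [ ! -h "$d" ] || continue
        chmod 700 "$d"
        find "$d" ! -type l -exec chmod go-rw {} \;
    done
}
```

Run `loose_homes` and `loose_files` against the base directory and keep the output before calling `tighten_homes`, so there is a record of what was exposed and what was changed.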