HPE Community
Operating System - Linux
1834695 Members
2402 Online
110069 Solutions
New Discussion

trace root's activity

 
Lalo_Weng
Advisor

‎12-10-2002 12:15 AM

‎12-10-2002 12:15 AM

trace root's activity

Hello, All masters,

I want to trace all the activities root has peformed on my Hp-ux system. How can it do this? Are there any machnism in Hpux that can record the actions taken by root?

Thanks in advance.
Keep finding is the way.
0 Kudos
Reply
3 REPLIES 3
U.SivaKumar_2
Honored Contributor

‎12-10-2002 02:36 AM

‎12-10-2002 02:36 AM

Re: trace root's activity

Hi,

Without anybody's knowledge put this entry in root's .profile file.

script /tmp/.activ.log

Then if next time root login whatever command he types will be logged in to the file /tmp/.activ.log which can be read online
by this command.

tail -f /tmp/.activ.log

regards,
U.SivaKumar
Innovations are made when conventions are broken
0 Kudos
Reply
Ian Vaughan
Honored Contributor

‎12-10-2002 07:23 AM

‎12-10-2002 07:23 AM

Re: trace root's activity

Howdy,
if you want to have a look at what root has done recently & root's actions are already logged why not try:
$ more $HISTFILE
whilst logged in as root

If you want to log what root has done how about
HISTFILE=/etc/security/rootlogs/log.$(date +"%y%m%d").$(logname).$$

You will have to make the security/rootlogs dir under /etc

If you force people to "su" to root rather than log in directly this will also tell you *who* executed the commend as the $(logname) will pick up their original id.

If I was suspicious of what root was doing and I had the authority I would change the password before something went badly wrong.

There is built in auditing in hp-ux (hey, I thought I was in the linux forum?) but that is probably overkill for what you want.
HTH
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Reply
John Meissner
Esteemed Contributor

‎12-11-2002 10:57 AM

‎12-11-2002 10:57 AM

Re: trace root's activity

I would follow U.SivaKumar's advice with one small exception.

i would edit the .profile and put a better entry in:

script /tmp/`logname`.`date`.log

this way you know who su'd to root and what date and time they did this at
All paths lead to destiny
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.