09-17-2008
you can't.
if you need an audit trail that cannot be tampered with then you should enable auditing.
8 More Discussions You Might Find Interesting
1. AIX
Morning, All.
Does anyone know how to stop qdaemon from emailing users when print jobs fail?
This is causing a problem as the application that we use is mail-aware; users get a prompt onscreen when they have unread mail in their UNIX account, however they don't all have access to the part of... (2 Replies)
Discussion started by: alexop
2 Replies
2. UNIX for Advanced & Expert Users
Hi ,
I have one question, suppose i am a normal user and when i use 'w' command , it shows who is logged on and what they are doing .
Now i want to stop others users to know what i am doing accept the root ?
can i do this ?
thanks (5 Replies)
Discussion started by: mobile01
5 Replies
3. UNIX for Advanced & Expert Users
Hi all!
I have a nice challange for you today :)
I have several users that use "tcsh" the problem is that they all have the same "home_dir" (application reasons...), now... as far as i know (correct me if i'm wrong) every user have an history file in his "home_dir" that calls ".sh_history" or... (0 Replies)
Discussion started by: eliraza6
0 Replies
4. HP-UX
As a system administrator. sometimes we see the users are trying some commands dangerous for the system health and remove them from their individual coomand history file.
How it is possible to enforce that the normal usres will will not be able to modify the history.
Thanks in advance.
Partha (4 Replies)
Discussion started by: partha_bhunia
4 Replies
5. Web Development
Hi,
I have the user who runs tomcat: tomcat:tomcats
I want to have another user who will be able to start and stop tomcat process.
Is this possible?
Thanks,
Bianca (1 Reply)
Discussion started by: potro
1 Replies
6. Linux
Is there a way to stop users changing the time on their machines
we are running fedora
thanks
Adam (4 Replies)
Discussion started by: ab52
4 Replies
7. Shell Programming and Scripting
Hi all,
Thanks in Advance,
i want to view my users commands, what commands they are using in their terminal like that, how to automate this history process daily. (6 Replies)
Discussion started by: anishkumarv
6 Replies
8. Shell Programming and Scripting
Hi folks,
I have the basic query that there are 3 unix boxes having their individual access now in my team there are 4 members who are using the same credentials to access those 3 boxes through putty ssh from their windows desktop , now if i want to check which 4 members have executed the... (1 Reply)
Discussion started by: punpun66
1 Replies
LEARN ABOUT HPUX
audwrite
audwrite(2) System Calls Manual audwrite(2)
NAME
audwrite() - write an audit record for a self-auditing process
SYNOPSIS
DESCRIPTION
is called by self-auditing processes, which are capable of turning off the regular auditing using the system call (see audswitch(2)) and
doing higher-level auditing on their own. is restricted to users with the privilege.
checks to see if the auditing system is on and the calling process and the event specified are being audited. If these conditions are met,
writes the audit record pointed to by audrec_p into the audit trail. The record consists of an audit record body and a header with the
following fields:
/* Date/time (tv_sec of timeval) */
/* Process ID */
/* Success/failure */
/* Event being audited */
/* Length of variant part */
The body contains additional information about the high-level audit event. The header fields and are specified by the calling process.
fills in and fields with the correct values. this is done to reduce the risk of forgery. Beginning with 11i version 3 release, converts
the record into a different format before writing it into the current audit trail.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
If the write is successful, a value of is returned. Otherwise, a value of is returned and is set to indicate the reason for the failure.
ERRORS
fails if one of the following is true:
The caller does not possess the
privilege.
The event number in the audit record is invalid.
WARNINGS
If causes a file space overflow, the calling process might be suspended until the file space is cleaned up. However, a returned call with
the return value of indicates that the audit record has been successfully written.
AUTHOR
was developed by HP.
SEE ALSO
audswitch(2), audit(4), privileges(5).
audwrite(2)