Full Discussion: Tracking Root commands
Operating Systems AIX Tracking Root commands Post 302475298 by frank_rizzo on Saturday 27th of November 2010 08:31:02 PM
Check out AIX auditing.
 

audctl(2)							System Calls Manual							 audctl(2)

NAME
audctl() - start or halt the auditing system and set or get audit files

SYNOPSIS
Remarks
This function is provided purely for backward compatibility. HP recommends that new applications use the command to configure the auditing system. See audsys(1M).

DESCRIPTION
sets or gets the auditing system "current" and "next" audit files, and starts or halts the auditing system. This call is restricted to processes with the privilege. cpath and npath hold the absolute path names of the "current" and "next" files. mode specifies the audit file's permission bits. cmd is one of the following specifications:

The caller issues the command with the required "current" and "next" files to turn on the auditing system. If the auditing system is currently off, it is turned on; the file specified by the cpath parameter is used as the "current" audit file, and the file specified by the npath parameter is used as the "next" audit file. If the audit files do not already exist, they are created with the mode specified. The auditing system then begins writing to the specified "current" file. An empty string or NULL npath can be specified if the caller wants to designate that no "next" file be available to the auditing system. If the auditing system is already on, no action is performed; is returned and is set to

The caller issues the command to retrieve the names of the "current" and "next" audit files. If the auditing system is on, the names of the "current" and "next" audit files are returned via the cpath and npath parameters (which must point to character buffers of sufficient size to hold the file names). mode is ignored. If the auditing system is on and there is no available "next" file, the "current" audit file name is returned via the cpath parameter, npath is set to an empty string; is returned, and is set to If the auditing system is off, no action is performed; is returned and is set to

The caller issues the command to change both the "current" and "next" files. If the audit system is on, the file specified by cpath is used as the "current" audit file, and the file specified by npath is used as the "next" audit file. If the audit files do not already exist, they are created with the specified mode. The auditing system begins writing to the specified "current" file. Either an empty string or NULL npath can be specified if the caller wants to designate that no "next" file be available to the auditing system. If the auditing system is off, no action is performed; is returned and is set to

The caller issues the command to change only the "current" audit file. If the audit system is on, the file specified by cpath is used as the "current" audit file. If the specified "current" audit file does not exist, it is created with the specified mode. npath is ignored. The auditing system begins writing to the specified "current" file. If the audit system is off, no action is performed; is returned and is set to

The caller issues the command to change only the "next" audit file. If the auditing system is on, the file specified by npath is used as the "next" audit file. cpath is ignored. If the "next" audit file specified does not exist, it is created with the specified mode. Either an empty string or npath can be specified if the caller wants to designate that no "next" file be available to the auditing system. If the auditing system is off, no action is performed; is returned, and is set to

The caller issues the command to cause the auditing system to switch audit files. If the auditing system is on, it uses the "next" file as the new "current" audit file and sets the new "next" audit file to cpath, npath, and mode are ignored. The auditing system begins writing to the new "current" file. If the auditing system is off, no action is performed; is returned, and is set to If the auditing system is on and there is no available "next" file, no action is performed; is returned, and is set to

The caller issues the command to halt the auditing system. If the auditing system is on, it is turned off and the "current" and "next" audit files are closed. cpath, npath, and mode are ignored. If the audit system is already off, is returned and is set to

Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE
Upon successful completion, a value of is returned. Otherwise, is returned and the global variable is set to indicate the error.

EXAMPLES
In the following example, is used to determine whether the auditing system is on, and to retrieve the names of the audit files that are currently in use by the system.

    #include <errno.h>
    #include <limits.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/audit.h>      /* HP-UX header declaring audctl() */

    int main(void)
    {
        char c_file[PATH_MAX+1], x_file[PATH_MAX+1];
        int mode = 0600;        /* ignored by AUD_GET */

        if (audctl(AUD_GET, c_file, x_file, mode))
            switch (errno) {
            case ENOENT:        /* auditing is on, but there is no "next" file */
                strcpy(x_file, "-none-");
                break;
            case EALREADY:      /* auditing is off */
                printf("The auditing system is OFF\n");
                return 0;
            default:            /* any other failure */
                fprintf(stderr, "Audctl failed: errno=%d\n", errno);
                return 1;
            }
        printf("The auditing system is ON: c_file=%s x_file=%s\n", c_file, x_file);
        return 0;
    }

ERRORS
fails if one of the following is true:

The caller does not have the privilege, or one or both of the given files are not regular files and cannot be used.

The or cmd was specified while the auditing system is off.

User attempt to start the auditing system failed because auditing is already on.

Bad pointer. One or more of the required function parameters is not accessible.

The cpath or npath is greater than in length, the cpath or npath specified is not an absolute path name.

No available "next" file when cmd is or

AUTHOR
was developed by HP.

SEE ALSO
audomon(1M), audsys(1M), audit(5), privileges(5).

TO BE OBSOLETED							audctl(2)
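
The "current"/"next" audit-file handling from DESCRIPTION, as an added example (not HP-UX code and not part of the manual page): a user-space model that shows which commands succeed in each state. The M_* names, struct aud, model_audctl() and the /audit paths are hypothetical; ENOENT and EALREADY appear in the page's own example, while EBUSY, EINVAL and the emptied "next" slot after a switch are assumed from the HP-UX audctl(2) documentation.

```c
/* Added model, not HP-UX source: the "current"/"next" audit-file state machine.
 * All names here are hypothetical; file creation and mode are left out. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MAXP 256
enum { M_ON, M_GET, M_SET, M_SETCURR, M_SETNEXT, M_SWITCH, M_OFF };
struct aud { int on; char cur[MAXP], next[MAXP]; };

/* A path must be absolute; empty or NULL is accepted only for "no next file". */
static int ok(const char *p, int empty_ok)
{
    if (p == NULL || *p == '\0') return empty_ok;
    return p[0] == '/' && strlen(p) < MAXP;
}
static void set(char *dst, const char *src) { strcpy(dst, src ? src : ""); }

int model_audctl(struct aud *s, int cmd, char *cpath, char *npath)
{
    int need_c = cmd == M_ON || cmd == M_SET || cmd == M_SETCURR;
    int need_n = cmd == M_ON || cmd == M_SET || cmd == M_SETNEXT;
    if (cmd == M_ON && s->on) { errno = EBUSY; return -1; }      /* already on */
    if (cmd != M_ON && !s->on) { errno = EALREADY; return -1; }  /* auditing is off */
    if ((need_c && !ok(cpath, 0)) || (need_n && !ok(npath, 1))) { errno = EINVAL; return -1; }
    switch (cmd) {
    case M_ON: case M_SET:
        s->on = 1; set(s->cur, cpath); set(s->next, npath); return 0;
    case M_SETCURR: set(s->cur, cpath); return 0;
    case M_SETNEXT: set(s->next, npath); return 0;
    case M_GET:     /* names are returned even when -1/ENOENT reports "no next" */
        strcpy(cpath, s->cur); strcpy(npath, s->next);
        if (!s->next[0]) { errno = ENOENT; return -1; }
        return 0;
    case M_SWITCH:  /* "next" becomes "current"; the "next" slot is left empty */
        if (!s->next[0]) { errno = ENOENT; return -1; }
        strcpy(s->cur, s->next); s->next[0] = '\0'; return 0;
    case M_OFF: s->on = 0; s->cur[0] = s->next[0] = '\0'; return 0;
    }
    errno = EINVAL; return -1;
}

int main(void)
{
    struct aud s = {0};
    char c[MAXP], n[MAXP];
    model_audctl(&s, M_ON, "/audit/a1", "/audit/a2");   /* constructed paths */
    model_audctl(&s, M_SWITCH, NULL, NULL);
    printf("GET=%d current=%s\n", model_audctl(&s, M_GET, c, n), c);
    return 0;
}
```

After one switch the model has no "next" file, so a second switch fails until a new "next" file is set; that is the state an audit administrator has to watch for.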