12-05-2018
I'm sure if a user did malicious things, he would delete the history file or forge it easily.
History is not auditing.
Only why to track that is by employing auditing, which i never turned on on HPUX v3.
But i did find a document describing it with a lot of information.
https://support.hpe.com/hpsc/doc/pub...r_na-c02899022
Be careful playing with audit, do not
just do it on production systems, use test systems first.
Audit configuration requires careful planning and implementation.
Hope that helps.
Regards
Peasant.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello!
I want users in a certain group to be restricted to their home directory. So that they have full access to all files and folders in their home directory but the cant go to any directory above.
Does anyone know how to do this?
Anders (1 Reply)
Discussion started by: alfabetman
1 Replies
2. Programming
Hi,
I would like to monitor which users enter my home directory. Is it possible to write a script or code to do this. I donot have admin privileges. I have given read permissions to access my home directory.
Any pointers in this direction is helpful!
Thanks,
Pradeep
Ps: I use the... (1 Reply)
Discussion started by: mnpradeep
1 Replies
3. UNIX for Dummies Questions & Answers
Hi
I want to know which profile will be called when a user without home directory is created.
When I created a user without home directory(by setting in /etc/default/useradd), the user is able to login directly into the main "/" folder but with only read permissions.
Thanks
naina (3 Replies)
Discussion started by: naina
3 Replies
4. UNIX for Dummies Questions & Answers
Hi,
I am looking for a shell script (or any other way), that puts a user in a home directory jail. So for example, I have a user named richard and I don't want him wandering outside /usr/users/richard. I don't want him to cd to anywhere including cd ..
Somebody said you can do that with... (3 Replies)
Discussion started by: mz043
3 Replies
5. UNIX for Dummies Questions & Answers
I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing.
The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies
6. Solaris
How to find al the user's home directories? (2 Replies)
Discussion started by: a2156z
2 Replies
7. Solaris
Hi Guys,
I have a problem with configuring a server. this is a solaris 10 with sparc platform.
I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display.
I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies
8. Shell Programming and Scripting
Following on from this post:
https://www.unix.com/shell-programming-scripting/150201-simple-script-mount-folder-all-users-home.html
and getting told off for bumping the thread:(
Please could someone help me with a short script to check is a certain directory is present in /home for all users... (8 Replies)
Discussion started by: barrydocks
8 Replies
9. UNIX for Dummies Questions & Answers
Hi I've just made a directory, what command do I use to now make it the base directory?
Thanks!!!!!!!!!!!!!!! (1 Reply)
Discussion started by: beckywatson
1 Replies
10. UNIX for Advanced & Expert Users
Hi,
I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions.
I did this using
chmod -R g+rwx /home/shared/
The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies
LEARN ABOUT ULTRIX
auditmask
auditmask(8) System Manager's Manual auditmask(8)
Name
auditmask - get or set auditmasks
Syntax
auditmask [ option ... ] [ event[:succeed:fail]
Description
The command with no arguments displays the system-calls and trusted-events currently being audited for the system, and displays whether
they are being audited under successful or failed occurrences or both. The format used for the display is acceptable as input to the com-
mand.
The command with event arguments sets the system-call and trusted-event audit masks for the system. This is cumulative operation, so it is
possible to turn on or off audit for one set of events, then turn on or off audit for a second set of events without changing the first set
of events (except for intersection between the two sets). Command line arguments to can include one or more events, each with an optional
field :succeed:fail, where succeed is either 0 to specify no auditing of successful occurrences of event, or 1 (or any non-zero character)
to specify auditing of successful occurrences of event; and fail is either 0 to specify no auditing of failed occurrences of event or 1 (or
any non-zero character) to specify auditing of failed occurrences of event. The event name is the system-call name or the trusted-event
name (see audit.h ).
The command will also accept redirected input, which can be the output of a previously issued command. This is a file which contains lines
of the format event [succeed][fail]. If the keyword succeed is present, successful occurrences of that event will be audited; if the key-
word fail is present, failed occurrences of that event will be audited; if both are present, successful and failed occurrences will be
audited; if neither keyword is present, that event will not be audited.
The auditmask command can also be used to set the audit style characteristics of the audit subsystem. These characteristics control how
much information is recorded on exec operations.
The command is used in to initialize the auditmask at boot time according to the file This makes use of privileged operations within the
system call.
Options
-f Turns on full auditing for the system. This list may include events which have no symbolic name and are represented only by a
number (reserved for future use); these events will not be audited, despite their presence in the auditmask.
-n Turns off all auditing for the system.
-s aud_style
An aud_style of "exec_argp" enables the auditing of the argument list to an or syscall. An aud_style of "exec_envp" enables
the auditing of the environment strings to an or syscall.
See Also
audcntl(2)
auditmask(8)