03-21-2019
Quote:
Originally Posted by
ggayathri
How do I find out when/who modified the id settings?
This is a part of systems administration which is called "auditing": security is to make sure only the right person/function is allowed to do things. Auditing is about documenting what he has done and when and why.
As with security the OS offers way to implement it but you have to actually implement it for it to be in place. You
can run a system without any security and you
can run it without any auditing in place - it might not be wise to do so, but it is possible. Finding out after the fact about what has happened is possible - to some degree, like Don Cragun already insinuated - but in a strict sense not possible. I suggest you take the lesson learned from that and put a system in place that will prevent you getting into the same situation. Thats the best you can do.
Notice that you should make a thorough plan for such an endeavour before implementing it. In most companies this is done on an ad-hoc basis ("we had this incident lastly so how do we prevent it") and usually by people not working the system. This is the reasons a lot of practically unworkable systems are in place. You need to get a tradeoff between practicality, performance impact, documentation needs a few other things. Otherwise the tendency is people search for (and find) shortcuts to circumvent the system to get their work done still in reasonable time and with reasonable effort.
If you have a room with valuable goods in it it makes sense to put a lock on the door. If you try to "enhance security" and put 10 locks on the door and everybody needing to get in there has only one key so that he needs to get 9 other people to convene to open the door chances are the things in this room will be placed outside of it just to avoid having to go through the hassle. This is exactly the opposite of what the door was supposed to do when the first lock was placed on it. Sadly enough i have seen such "solutions" proposed ad put into place times and again.
I hope this helps.
bakunin
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Did anyone knows how to check size/usage of a Volume Group in AIX 4.3.3? (4 Replies)
Discussion started by: s_aamir
4 Replies
2. UNIX for Dummies Questions & Answers
Is there a log or command in unix to check who created a user group?
Thanks in advance (3 Replies)
Discussion started by: newbit
3 Replies
3. Shell Programming and Scripting
Hi all,
How can I check if a particular user id belongs to a group?
(ie. how to check if the current user `whoami` is part of the a certain group? do i use the group name of group id?)
Thanks in advance (2 Replies)
Discussion started by: rockysfr
2 Replies
4. AIX
Hi all,
I would like to ensure that a volume group has an effective quorum setting of 1 (or off). I know you can change the quorum setting using the chvg -Q command but want to know if the setting has been changed before the vg was varied on or a reboot.
In other words how can I ensure that... (3 Replies)
Discussion started by: backslash
3 Replies
5. Solaris
Previously , i remove the disk by
#vxdg -g testdg -k rmdisk testdg02
But i got error when i -k adddisk
bash-2.03# vxdisk list
DEVICE TYPE DISK GROUP STATUS
c0t0d0s2 auto:none - - online invalid
c0t1d0s2 auto:none ... (1 Reply)
Discussion started by: waibabe
1 Replies
6. Red Hat
Hello,
How can I obtain a lists of disks with their size (anytype: SAN LUNs, internal disks, etc.) attached to the system and not being extended inside a volume group?
The purpose of this list is to be part of a function of a script that I'm doing in order to resize filesystems and in the... (6 Replies)
Discussion started by: asanchez
6 Replies
7. AIX
Hi huys,
Sorry for my bad english, i'm french :o .
I've got a little question : is there a way to check status of a VG on aix 6.1 ? I want to know if a VG is locked or not...
I can do a "lsvg -Ll rootvg" for example, but if this VG is already locked, the process waits without gives me the... (2 Replies)
Discussion started by: akorx
2 Replies
8. Shell Programming and Scripting
Hi Gurus,
I need check existing number of file based on the list in file list.
for example:
in my file list. I have below:
abc, file1.txt
abc, file2.txt
abc, file3.txt
abc, file4.txt
cde, filea1.txt
cde, filea2.txt
cde, filea3.txt
...
in my current file direcotry, I have file:... (0 Replies)
Discussion started by: ken6503
0 Replies
9. UNIX for Dummies Questions & Answers
How do you check users in a linux group? (7 Replies)
Discussion started by: cokedude
7 Replies
10. UNIX for Dummies Questions & Answers
hello masters ,
please help here. I have 4 cols, I am looking for consistent 'geno' values within
'line', 'part' combinations. If the geno values are not consistent within a 'line', 'part' block, then we delete that block. One of the complications is that geno values are always 2 character, but... (7 Replies)
Discussion started by: ritakadm
7 Replies
LEARN ABOUT HPUX
vgexport
vgexport(1M) vgexport(1M)
NAME
vgexport - export an LVM volume group and its associated logical volumes
SYNOPSIS
mapfile] outfile] vg_name
mapfile vg_name
DESCRIPTION
Using the format of the first command line of the above, the command can be used to remove a volume group from the system. The volume
group will be removed without modifying the logical volume information found on the physical volumes.
The volume group identified by vg_name is removed from the or file, and the associated device files including the vg_name directory and
file are removed from the system.
The volume group information and data is untouched on the physical volume. These disks can be imported to another system with the command
(see vgimport(1M)).
Scan Option
Using the format of the second command line of the above, the command generates a mapfile that can be copied to other systems that are part
of a high availability cluster (use the option if you do not want to remove the volume group from the system the command is being run from)
and the command (see vgimport(1M)) can be used to recreate the volume group. See also vgchange(1M). The mapfile contains a description of
the volume group and its associated logical volume(s) (if any). The logical volume information found on the physical volumes is not modi-
fied.
Options and Arguments
recognizes the following options and arguments:
vg_name The path name of the volume group.
By default, a file named
is created in the current directory. This file contains a description of the volume group and its associated logical
volume(s) (if any). Use this option to specify a different name for the file, mapfile. This file can be used as
input to (see vgimport(1M)). When used with the option, the volume group specified in the mapfile can be shared with
other systems in the high availability cluster.
Preview the actions to be taken but do not update the
or file or remove the devices file. This option is best used in conjunction with the option.
Print verbose messages
including the names of the physical volumes associated with this volume group.
Scan option. When the option is specified, then the options must also be specified. A mapfile is created that can be used to cre-
ate volume group entries on other systems in the high availability cluster (with the command).
Write the current set of
pv_paths for the volume group to the outfile. The outfile may then be used as the infile for the option. If used
together with the option the volume group is not exported but the list of pv_paths is still written to the outfile.
This may be useful to derive a list of pv_paths for the volume group or to use on another system which is sharing the
volume group and which has an identical configuration.
EXTERNAL INFLUENCES
Environment Variables
determines the language in which messages are displayed.
If is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to "C" (see environ(5)).
EXAMPLES
Export the volume group into mapfile The volume group will be removed from the exporting system.
Export the volume group and write the disk names into the file
Create a mapfile to be copied to other systems in a high availability cluster to build the volume group information for the volume group,
Note that the volume group is not removed from the exporting system. The importing systems will create the volume group with the command
using the and options.
SEE ALSO
vgimport(1M), vgscan(1M).
vgexport(1M)