
Tracking Root commands

# 1  
Old 11-23-2010
Tracking Root commands

Hi All

How can I track what commands are entered by the root user? Is there a log, besides using the history command, that lists all commands entered for a period of time?

# 2  
Old 11-23-2010
Not in a secure way by default. You might want to check out auditing. There is a Redbook about it. On the other hand, root can usually always manually manipulate anything. Though with AIX 6 you got RBAC where this could be limited maybe (I don't have it at hand).
# 3  
Old 11-26-2010
Don't log on as root

Because root is unrestricted, it can be very dangerous if you enter a command on the wrong session. A number of us here have the full system management role which would normally be assigned to the root user, but we have a tool called sudo installed. This allows you to create a file of permitted commands for non-root users, and there are other tools in the suite that allow you to start a shell if you absolutely have to but then monitor what you do.

Of course it is not foolproof, but someone would have to go out of their way to be malicious in the first place.

It is under here: Sudo Main Page

I would suggest a donation because it is free, but very good stuff. I am only a user and not connected to the group who write this. There is also a forum that I am subscribed to for help/support and suggestions.

I hope that this helps
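
What the sudo approach in post #3 gives you for the original question, as an added example that is not part of any post in this thread: a parser that turns sudo's syslog records into a per-user list of commands run as root and flags the records where a shell was started. It assumes sudo's default syslog line format; the sample lines are constructed and the function names are hypothetical.

```python
import os
import re

# Constructed sample in sudo's default syslog line format (not from the thread).
SAMPLE_LOG = """\
Nov 26 09:14:02 aixhost sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/lsvg rootvg
Nov 26 09:20:41 aixhost sudo:      bob : TTY=pts/5 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/ksh
Nov 26 09:31:17 aixhost sudo:    carol : command not allowed ; TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/shutdown -Fr
Nov 26 09:40:00 aixhost sshd[4021]: Accepted publickey for alice from 192.0.2.10
Nov 26 09:45:55 aixhost sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=oracle ; COMMAND=/usr/bin/id
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s+(\S+)\s+sudo(?:\[\d+\])?:"
    r"\s+(\S+)\s+:\s+(.*)$"
)
# Starting one of these through sudo opens a root session; sudo records the
# shell start but not the individual commands typed inside it.
SHELLS = {"sh", "ksh", "bash", "csh", "tcsh", "zsh", "su"}

def parse_sudo_line(line):
    """Return a dict for one sudo command record, or None for any other line."""
    m = LINE.match(line)
    if not m:
        return None
    ts, host, user, body = m.groups()
    head, sep, command = body.partition("COMMAND=")
    if not sep:
        return None  # sudo record without a command field
    fields, notes = {}, []
    for part in head.split(";"):
        part = part.strip()
        key, eq, value = part.partition("=")
        if eq:
            fields[key] = value      # TTY, PWD, USER
        elif part:
            notes.append(part)       # free text such as "command not allowed"
    argv = command.split()
    return {
        "time": ts, "host": host, "user": user, "command": command,
        "runas": fields.get("USER", "root"), "tty": fields.get("TTY"),
        "denied": bool(notes),       # a leading note marks a rejected attempt
        "shell": bool(argv) and os.path.basename(argv[0]) in SHELLS,
    }

def root_commands(log_text):
    """All sudo records whose target account is root, in log order."""
    records = (parse_sudo_line(line) for line in log_text.splitlines())
    return [r for r in records if r and r["runas"] == "root"]
```
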

# 4  
Old 11-26-2010
Redirect the history to a log file as below:
# history > command.log 

# 5  
Old 11-27-2010
check out AIX auditing.
# 6  
Old 11-28-2010
Check out this link for enabling auditing. You can track all the details by specifying them in the audit conf file.
pSeries and AIX Information Center

Hope this helps you...

---------- Post updated at 11:09 AM ---------- Previous update was at 11:07 AM ----------

Sorry, please find the exact link:
Auditing overview
# 7  
Old 11-29-2010
Here is a "poor man's solution" you might get going - I once tried it in a project but didn't succeed, maybe my own fault:

1) To log securely (that is: the systems administrator should have no possibility of altering the logs) you need a remote server, which the admin has no control over. You could write the logs there.

One of the drawbacks of the normal syslog is that either the output is files (locally) or network, but not both. You want the syslog-written logs to be accessible by the admins, just some should be non-alterable by them. This can be done by replacing syslog with "Syslog-NG", a freely available syslog-replacement.

2) There is a freeware tool "Snoopy logger", which intercepts (via a PRELOAD-library) the system calls exec() and execve() and documents them via a syslog-facility.

This is where I failed: I tried Snoopy 1.3.x, but while it was (with some small hack) working perfectly on Linux systems I didn't get it to work on AIX systems although I did get a clean compile. Since then Snoopy is out in a new version (1.6.x) and maybe does work on AIX systems too - I haven't checked since then.

Maybe someone with more programming experience on AIX than me is able to find out why it didn't work on AIX systems either. The source is very small (1-2 screens full) so it should take only minutes to analyze it.

I hope this helps.

