How are the users connecting; ssh or telnet ? AFAIK on HP-UX SSH logins are recorded to syslog as PAM events. -- Thanks, Phil
----- Original Message ----- > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Aug 1, 2011, at 6:55 PM, Alisha Kloc wrote: > > Unfortunately, we can't make any changes to the HP-UX system, which > > means no cron jobs, no clearing logs, etc. All we're allowed to > > touch > > is OSSEC agent stuff. Within that, I have some flexibility if I use > > the process monitor to call a simple shell script, which allows > > consecutive commands like you suggested, but anything beyond that > > isn't allowed. > > > > Sounds like this might not be possible... > > What about tmp files? Run last and spit it out to /tmp/lastlog or > something.. Then have ossec monitor that file. Any changes should > pop out with check_diff. > > Or, if you can't do it locally on the hp-ux server, write a script on > the ossec manager that logs into the hp-ux machine, runs last, and > stores that locally on the ossec manager. Then just monitor that > log. > > > -Alisha > > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from > technology." > - - Niven's Inverse of Clarke's Third Law > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.16 (Darwin) > > iEYEARECAAYFAk459bwACgkQ8CjzPZyTUTTMMwCcCNjQ3cL0lL+G/byMwIvRj6hE > h3gAniADRO6Fd1JVWJGmJoSPi8Vs7Xw+ > =JCh9 > -----END PGP SIGNATURE----- >
