Anonymous_User Absent Member.
Absent Member.
721 views

How to audit shell built-in commands? set -o audit 2?


Hi all,

I want to see shell built-in commands (pwd, cd, kill) in the Command
Control report. I found in documentation that "set -o audit 2" means "2:
Enables auditing of all commands including commands that are built into
the user's shell. This level of auditing can affect login times.".

Ok, I've added set -o audit 2 to /etc/profile.pcksh and changed a user
shell to /usr/bin/pcksh, then I made a simple test: cd /home/test; ls;
pwd; ls. In result in the report I see only two ls commands, without cd
or pwd. Unfortunately the same for kill command.

I read some threads, like
'Manage-Internal-command-on-Linux-Unix-environment-via-PUM'
(http://tinyurl.com/lvsnomn) and understand that it is not possible to
control those commands (really?), but I am sure that PUM should audit
those commands.

If you know a solution, please advise.


--
AFridrih
------------------------------------------------------------------------
AFridrih's Profile: https://forums.netiq.com/member.php?userid=4626
View this thread: https://forums.netiq.com/showthread.php?t=49951

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.