HP-UX Auditing and Real-Time Monitoring Overview
The HP-UX Knowledge Pack for expands the auditing and reporting capabilities of InTrust to HP-UX. The Knowledge Pack enables InTrust to work with HP-UX Syslog, text logs, and audit log.
The following table shows what you can audit and monitor on HP-UX:
| Syslog messages |
Yes |
Yes |
| Text logs of any format |
Yes |
No |
| Configuration file modification |
Yes |
Yes |
| HP-UX audit logs |
Yes |
No |
Setup
Requirements
For details about HP-UX versions compatible with the InTrust Knowledge Pack for HP-UX, see HP-UX Events.
Installation
The HP-UX Knowledge Pack must be installed to enable HP-UX support in InTrust. The following is a list of included objects:
- Data Sources
- HP-UX Syslog
- HP-UX Audit Log
- HP-UX Account Monitoring
- HP-UX Text file monitoring
- Gathering Policies
- HP-UX Syslog: Security: Common Syslog Security Events
- HP-UX Syslog: Security: Failed Logins
- HP-UX Syslog: Security: Successful Logins
- HP-UX: Security: SU Activity
- HP-UX: Security: Reboots
- HP-UX: All Syslog Messages
- HP-UX: Login/logoff from Audit Log
- HP-UX Audit Log: Process execution
- HP-UX Audit Log: Failed file access
- HP-UX: All Events from Audit Log
- HP-UX Audit Log: Account management
- HP-UX Audit Log: Audit management
- HP-UX: Account monitoring
- HP-UX: Text file monitoring
- HP-UX: Security: Common Audit Log Security Events
- HP-UX: Audit Log: Administrative activity
- Import Policies
- HP-UX: Security: Common Syslog Security Events
- HP-UX: All Syslog messages
- HP-UX: Security: Failed logins
- HP-UX: Security: Successful logins
- HP-UX: Security: su activity
- HP-UX: Security: Reboots
- HP-UX: Logins/logouts from Audit Log
- HP-UX: Process execution events from Audit Log
- HP-UX: Audit Log: Failed file access
- HP-UX: All events from Audit Log
- HP-UX: Account monitoring
- HP-UX: Text file monitoring
- HP-UX: Security: Common Audit Log Security Events
- HP-UX: Audit Log: Administrative activity
- HP-UX: Audit Log: Account management
- HP-UX: Audit Log: Audit management
- Consolidation Policies
- HP-UX logs consolidation
- HP-UX logs consolidation for the last month
- Tasks
- HP-UX Syslog - daily collection of common security events
- HP-UX Audit Log - daily collection of common security events
- HP-UX configuration changes daily collection
- HP-UX weekly reporting
- Rules
- 'su root' succeeded
- Multiple failed logins
- Login authentication failed
- Failed 'su' attempt
- Successful login by root
- User account created
- User account removed
- Group created
- Group removed
- User added to the group
- User removed from the group
- Syslog.conf file modified
- Text file modified
- Reports
- HP-UX login statistics
- HP-UX user logons
- HP-UX failed login attempts
- HP-UX multiple failed login attempts
- HP-UX process execution
- All HP-UX syslog events
- Account Management
- HP-UX User management
- HP-UX Group management
- HP-UX Group membership management
- System configuration management
- HP-UX configuration files modifications
- HP-UX Audit control
- Other
- "HP-UX hosts" site
- "HP-UX: security" real-time monitoring policy
To install the Knowledge Pack, launch InTrust setup on the InTrust server, and select the corresponding option.
The reporting server you use must have the same reports that are available in the Knowledge Pack that you install on the InTrust server. For that, install the HP-UX Report Pack on the reporting server you want to use for preparing HP-UX-related reports.
