06-20-2013
We would need to know a bit more about your architecture (platform, OS and version, using shadow or TCB?) and the context.
Quote:
Audit is claiming the user account was active during the last audit exercise.
What was the audit doing?
I saw cases (audit...) with active intrusion attempts, resulting in some user accounts being disabled...
So you would have to explain what the claim is... (and the kind of disablement...)
AUDIT_LOG_ACCT_MESSAGE(3) Linux Audit API AUDIT_LOG_ACCT_MESSAGE(3)
NAME
audit_log_acct_message - log a user account message
SYNOPSIS
#include <libaudit.h>
int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host,
const char *addr, const char *tty, int result)
DESCRIPTION
This function will log a message to the audit system using a predefined message format. It should be used for all account manipulation
operations. The function parameters are as follows:
audit_fd - The fd returned by audit_open
type - type of message: AUDIT_USER_CHAUTHTOK for changing any account attributes.
pgname - program's name, if NULL will attempt to figure out
op - operation. Ex: "adding user", "changing finger info", "deleting group"
name - user's account or group name. If not available use NULL.
id - uid or gid that the operation is being performed on. If the user is unknown, pass a -1 and fill in the name parameter. This is used only when name is NULL.
host - The hostname if known. If not available pass a NULL.
addr - The network address of the user. If not available pass a NULL.
tty - The tty of the user, if NULL will attempt to figure out
result - 1 is "success" and 0 is "failed"
RETURN VALUE
It returns the sequence number which is > 0 on success or <= 0 on error.
ERRORS
This function returns -1 on failure. Examine errno for more info.
SEE ALSO
audit_log_user_message(3), audit_log_user_comm_message(3), audit_log_user_avc_message(3), audit_log_semanage_message(3).
AUTHOR
Steve Grubb
Red Hat Oct 2010 AUDIT_LOG_ACCT_MESSAGE(3)
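Added example, not part of the man page or of libaudit: a Python reader for the account records this function writes. It shows why a review of one account has to match both the name and the numeric id, since id is logged only when name is NULL. The record layout, the hex encoding of unquoted names and the sample lines are assumptions constructed for illustration; compare them with your own audit.log before relying on the pattern.

```python
import re
from datetime import datetime, timezone

# Assumed record layout: the quoted msg carries op, then acct= (name given) or
# id= (name was NULL), then exe, hostname, addr, terminal and res.
RECORD = re.compile(
    r"type=(?P<type>\S+) msg=audit\((?P<ts>\d+)\.\d+:(?P<seq>\d+)\):.*?"
    r"msg='op=(?P<op>.*?) (?:acct=(?P<acct>\S+)|id=(?P<id>\d+)) "
    r"exe=(?P<exe>\S+) hostname=(?P<host>\S+) addr=(?P<addr>\S+) "
    r"terminal=(?P<tty>\S+) res=(?P<res>\w+)'")

def decode_acct(raw):
    """Quoted names are literal; unquoted ones are assumed hex-encoded."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw  # neither quoted nor hex: keep as logged

def parse_acct_record(line):
    """Return a dict for one account record, or None for any other line."""
    m = RECORD.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.fromtimestamp(int(rec.pop("ts")), tz=timezone.utc)
    rec["seq"] = int(rec["seq"])
    rec["acct"] = decode_acct(rec["acct"]) if rec["acct"] else None
    rec["id"] = int(rec["id"]) if rec["id"] else None
    rec["success"] = rec.pop("res") == "success"
    return rec

def account_timeline(lines, acct=None, uid=None):
    """Records for one account, matched by name or by id, in sequence order."""
    recs = [r for r in map(parse_acct_record, lines) if r]
    hits = [r for r in recs if (acct is not None and r["acct"] == acct)
            or (uid is not None and r["id"] == uid)]
    return sorted(hits, key=lambda r: r["seq"])

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
type=USER_CHAUTHTOK msg=audit(1371686400.101:410): pid=2211 uid=0 auid=500 ses=3 msg='op=adding user acct="jdoe" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_CHAUTHTOK msg=audit(1371693600.007:421): pid=2399 uid=0 auid=500 ses=3 msg='op=changing finger info id=1042 exe="/usr/bin/chfn" hostname=? addr=? terminal=pts/1 res=success'
type=USER_CHAUTHTOK msg=audit(1371690000.250:415): pid=2302 uid=0 auid=500 ses=3 msg='op=changing finger info acct="jdoe" exe="/usr/bin/chfn" hostname=? addr=? terminal=pts/0 res=failed'
type=USER_CHAUTHTOK msg=audit(1371697200.500:430): pid=2450 uid=0 auid=500 ses=3 msg='op=deleting group acct=6A20646F65 exe="/usr/sbin/groupdel" hostname=? addr=? terminal=pts/0 res=success'
type=SYSCALL msg=audit(1371700800.000:431): arch=c000003e syscall=2 success=yes exit=3
""".splitlines()
if __name__ == "__main__":
    print([(r["seq"], r["op"], r["success"]) for r in account_timeline(SAMPLE, "jdoe", 1042)])
```

Searching on acct="jdoe" alone would miss sequence 421, which the caller logged by id because it passed a NULL name.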