Sponsored Content
Full Discussion: User account
Operating Systems HP-UX User account Post 302824029 by rbatte1 on Thursday 20th of June 2013 06:37:27 AM
Old 06-20-2013
Are you in trusted mode? You can tell by looking to see if there are files under /tcb/files/auth If there is, then under this point, there is one character a directory for the first of each user name and within there, there is a file for each user. Look at the timestamp of the file to see the last update of it, however if it has been attacked (someone tried to use it) then this will have been updated.

Within, there are fields describing last successful login, last failed login, last password update etc. The times recorded are in seconds from 1/1/1970 00:00:00 (the Epoch) so someone here helpfully wrote this bit of Perl that reformats it to make it human readable:-
Code:
perl -e 'print scalar localtime $ARGV[0],"\n" ' $1

I have this as a one-line script, so I just run something like:-
Code:
$ realtime 1234567890 
Fri Feb 13 23:31:30 2009


I hope that this helps. If you are not in trusted mode, then it depends if you clean out the login history files (whatever they are) Try using the last command. Read the manual pages for the options. It might be useful, maybe not. Unless you intercept and log every use of the various user admin commands (useradd, modprpw, passwd etc.) it's going to be difficult to really prove anything.


As a more general question though, are the auditors complaining that the id they used last time to probe around has been suspended? If it's more that a month since they last used it, then I think you have every right to suspend it to limit the risk of attack, in fact you could argue that it should be suspended immediately after they have finished using it.

i understand they have an important job to do, but sometimes they are the worst offenders just asking for open access whenever they want it. Enforce your standards, especially with them. It could be a test of your procedures Smilie




Robin
Liverpool/Blackburn
UK
This User Gave Thanks to rbatte1 For This Post:
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

creatin user account

hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e' thanks :confused: (1 Reply)
Discussion started by: damian
1 Replies

2. UNIX for Dummies Questions & Answers

show all user account

I have a question about show all create user account. What commend do that thank`s for your help :) (6 Replies)
Discussion started by: Deux
6 Replies

3. Post Here to Contact Site Administrators and Moderators

user account

hi how to disable the useraccount in aix (should not remove). (1 Reply)
Discussion started by: chomca
1 Replies

4. HP-UX

how can distingiush user account

example root::0:3::/:/sbin/sh daemon:*:1:5::/:/sbin/sh bin:*:2:2::/usr/bin:/sbin/sh sys:*:3:3::/: adm:*:4:4::/var/adm:/sbin/sh uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico lp:*:9:7::/var/spool/lp:/sbin/sh nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico... (1 Reply)
Discussion started by: alert0919
1 Replies

5. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

6. Shell Programming and Scripting

How to suspend a user account?

Hi, guys. I have two questions: I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account. There are two things I am not sure: 1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Discussion started by: daikeyang
2 Replies

7. Solaris

Help me create new user account

I want create user. That user should be login to any server without asking password. How? tell me in detail. :wall: (3 Replies)
Discussion started by: Navkreddy
3 Replies

8. AIX

user account priviledges

Hi Admins, As per my knowledge there are two types of user accounts in unix. root and normal users. If there are any user types for which we can give some priviledges..? Actually i want to restrict root access and create new accounts for admins with some of the priviledges. Please let me... (6 Replies)
Discussion started by: newsol
6 Replies

9. UNIX for Dummies Questions & Answers

User account logging

Hi - I want to log commands typed by oraapps user with time into some log file on runtime. HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history. OS : RHEl 5.6 Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
USERMGMT.CONF(5)					      BSD File Formats Manual						  USERMGMT.CONF(5)

NAME
usermgmt.conf -- user management tools configuration file SYNOPSIS
usermgmt.conf DESCRIPTION
The usermgmt.conf file defines the default values used by the user management tools, useradd(8) and friends. Options in this file can be set by manually editing /etc/usermgmt.conf or using the -D option to useradd(8). base_dir sets the base directory name, in which new users' home directories are created when using the -m option to useradd(8). class sets the default login class for new users. See login.conf(5) for more information on user login classes. expire sets the default time at which the current password expires. This can be used to implement password aging. Both the expire and inactive fields should be entered in the form ``month day year'', where month is the month name (the first three characters are sufficient), day is the day of the month, and year is the year. Time in seconds since the epoch (UTC) is also valid. A value of 0 can be used to disable this feature. group sets the default primary group for new users. If this is '=uid', then a uid and gid will be picked which are both unique and the same, and a line will be added to /etc/group to describe the new group. It has the format: group gid | name | =uid homeperm sets the default permissions of the newly created home directory if -m is given to useradd(8). The permission is specified as an octal number, with or without a leading zero. inactive sets the default time at which new accounts expire. A value of 0 can be used to disable this feature. Also see the expire field. password specifies an already-encrypted default password. preserve If this value is one of 'true', 'yes', or a non-zero number, then the user login information will be preserved when removing a user with userdel(8). range specifies the uid boundaries for new users. If unspecified, the default is ``1000..60000''. It has the format: range starting-uid..ending-uid gid_range specifies the gid boundaries for new groups. If unspecified, the default is ``1000..60000''. It has the format: gid_range starting-gid..ending-gid shell sets the default login shell for new users. skel_dir sets the default skeleton directory in which to find files with which to populate the new user's home directory. FILES
/etc/usermgmt.conf /etc/skel/* /etc/login.conf SEE ALSO
login.conf(5), passwd(5), user(8), useradd(8), userdel(8), usermod(8) HISTORY
The usermgmt.conf configuration file first appeared in NetBSD 1.5. BSD
December 31, 2009 BSD
All times are GMT -4. The time now is 05:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy