Sponsored Content
Full Discussion: User account
Operating Systems HP-UX User account Post 302824029 by rbatte1 on Thursday 20th of June 2013 06:37:27 AM
Old 06-20-2013
Are you in trusted mode? You can tell by looking to see if there are files under /tcb/files/auth If there is, then under this point, there is one character a directory for the first of each user name and within there, there is a file for each user. Look at the timestamp of the file to see the last update of it, however if it has been attacked (someone tried to use it) then this will have been updated.

Within, there are fields describing last successful login, last failed login, last password update etc. The times recorded are in seconds from 1/1/1970 00:00:00 (the Epoch) so someone here helpfully wrote this bit of Perl that reformats it to make it human readable:-
Code:
perl -e 'print scalar localtime $ARGV[0],"\n" ' $1

I have this as a one-line script, so I just run something like:-
Code:
$ realtime 1234567890 
Fri Feb 13 23:31:30 2009


I hope that this helps. If you are not in trusted mode, then it depends if you clean out the login history files (whatever they are) Try using the last command. Read the manual pages for the options. It might be useful, maybe not. Unless you intercept and log every use of the various user admin commands (useradd, modprpw, passwd etc.) it's going to be difficult to really prove anything.


As a more general question though, are the auditors complaining that the id they used last time to probe around has been suspended? If it's more that a month since they last used it, then I think you have every right to suspend it to limit the risk of attack, in fact you could argue that it should be suspended immediately after they have finished using it.

i understand they have an important job to do, but sometimes they are the worst offenders just asking for open access whenever they want it. Enforce your standards, especially with them. It could be a test of your procedures Smilie




Robin
Liverpool/Blackburn
UK
This User Gave Thanks to rbatte1 For This Post:
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

creatin user account

hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e' thanks :confused: (1 Reply)
Discussion started by: damian
1 Replies

2. UNIX for Dummies Questions & Answers

show all user account

I have a question about show all create user account. What commend do that thank`s for your help :) (6 Replies)
Discussion started by: Deux
6 Replies

3. Post Here to Contact Site Administrators and Moderators

user account

hi how to disable the useraccount in aix (should not remove). (1 Reply)
Discussion started by: chomca
1 Replies

4. HP-UX

how can distingiush user account

example root::0:3::/:/sbin/sh daemon:*:1:5::/:/sbin/sh bin:*:2:2::/usr/bin:/sbin/sh sys:*:3:3::/: adm:*:4:4::/var/adm:/sbin/sh uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico lp:*:9:7::/var/spool/lp:/sbin/sh nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico... (1 Reply)
Discussion started by: alert0919
1 Replies

5. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

6. Shell Programming and Scripting

How to suspend a user account?

Hi, guys. I have two questions: I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account. There are two things I am not sure: 1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Discussion started by: daikeyang
2 Replies

7. Solaris

Help me create new user account

I want create user. That user should be login to any server without asking password. How? tell me in detail. :wall: (3 Replies)
Discussion started by: Navkreddy
3 Replies

8. AIX

user account priviledges

Hi Admins, As per my knowledge there are two types of user accounts in unix. root and normal users. If there are any user types for which we can give some priviledges..? Actually i want to restrict root access and create new accounts for admins with some of the priviledges. Please let me... (6 Replies)
Discussion started by: newsol
6 Replies

9. UNIX for Dummies Questions & Answers

User account logging

Hi - I want to log commands typed by oraapps user with time into some log file on runtime. HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history. OS : RHEl 5.6 Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
AUDIT_LOG_ACCT_MESSAGE(3)					  Linux Audit API					 AUDIT_LOG_ACCT_MESSAGE(3)

NAME
audit_log_acct_message - log a user account message SYNOPSIS
#include <libaudit.h> int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result) DESCRIPTION
This function will log a message to the audit system using a predefined message format. It should be used for all account manipulation operations. The function parameters are as follows: audit_fd - The fd returned by audit_open type - type of message: AUDIT_USER_CHAUTHTOK for changing any account attributes. pgname - program's name, if NULL will attempt to figure out op - operation. Ex: "adding user", "changing finger info", "deleting group" name - user's account or group name. If not available use NULL. id - uid or gid that the operation is being performed on. This is used only when user is NULL. host - The hostname if known addr - The network address of the user tty - The tty of the user, if NULL will attempt to figure out result - 1 is "success" and 0 is "failed" RETURN VALUE
It returns the sequence number which is > 0 on success or <= 0 on error. ERRORS
This function returns -1 on failure. Examine errno for more info. SEE ALSO
audit_log_user_message(3), audit_log_user_comm_message(3), audit_log_user_avc_message(3), audit_log_semanage_message(3). AUTHOR
Steve Grubb Red Hat Oct 2006 AUDIT_LOG_ACCT_MESSAGE(3)
All times are GMT -4. The time now is 04:22 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy