Unix/Linux Go Back    


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

User History and commnad log

UNIX for Dummies Questions & Answers


Closed Linux or Unix Question    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 02-10-2008
jaydeep_sadaria jaydeep_sadaria is offline
Registered User
 
Join Date: Nov 2007
Last Activity: 6 March 2015, 2:02 PM EST
Posts: 63
Thanks: 5
Thanked 0 Times in 0 Posts
User History and commnad log

Dear All

I had a UNIX ( Sun solaris ) os.

There are many user on that server. Now i want to find during last week who had log in to the sever and which commnad are executed by them?

I also want to from which IP they had log in to the server.

Is there any log file generated for user in server.??? Kindly send me path.

Hoping reply

Regards
Jaydeep
Sponsored Links
    #2  
Old Unix and Linux 02-10-2008
HPAVC's Unix or Linux Image
HPAVC HPAVC is offline
Registered User
 
Join Date: Feb 2008
Last Activity: 29 October 2009, 8:14 AM EDT
Posts: 106
Thanks: 0
Thanked 0 Times in 0 Posts
If your running the acct packages there your good to go for doing just that, that gives you quite a bit extra commands like lastcomm and what not to show command history and more.

Though most intrusions avoid utmp/wtmp pretty handedly Linux
Sponsored Links
    #3  
Old Unix and Linux 02-10-2008
otheus's Unix or Linux Image
otheus otheus is offline Forum Advisor  
Smartass
 
Join Date: Feb 2007
Last Activity: 11 May 2015, 7:29 AM EDT
Location: Innsbruck, Austria
Posts: 2,154
Thanks: 12
Thanked 49 Times in 46 Posts
Use "last" to see who's logged in

The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.

Use last by itself to get the standard report. Remote logins will have the IP address in the 3rd column. (Locally spawned sessions, ie, Xterms or virtual terminals will not have an IP address.) Use -f filename to use the older wtmpx file.

As the previous poster hinted at, hackers may be able to cover their tracks, so this only helps with authorized access. To cross-reference, you can also look at the logs from /var/adm/messages*. To enable more verbosity in log messages, you should tweak entries in both /etc/pam.conf, /etc/syslogd.conf, and /etc/ssh/sshd.conf.
    #4  
Old Unix and Linux 02-10-2008
HPAVC's Unix or Linux Image
HPAVC HPAVC is offline
Registered User
 
Join Date: Feb 2008
Last Activity: 29 October 2009, 8:14 AM EDT
Posts: 106
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by otheus View Post
The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.
last only gives logins, but lastcomm gives oh much more. Though I never found it all that wonderful in practice. A simply ln -s /usr/bin/games/rogue ~/bin/pine and you could be productive all day long Linux
Sponsored Links
    #5  
Old Unix and Linux 02-11-2008
jaydeep_sadaria jaydeep_sadaria is offline
Registered User
 
Join Date: Nov 2007
Last Activity: 6 March 2015, 2:02 PM EST
Posts: 63
Thanks: 5
Thanked 0 Times in 0 Posts
use command log

Dear all

I also want to log of command given by specific user.

Kindly sugest me....

lastcomm command is not runing in my system..

plz send other possible way...
Sponsored Links
    #6  
Old Unix and Linux 02-11-2008
otheus's Unix or Linux Image
otheus otheus is offline Forum Advisor  
Smartass
 
Join Date: Feb 2007
Last Activity: 11 May 2015, 7:29 AM EDT
Location: Innsbruck, Austria
Posts: 2,154
Thanks: 12
Thanked 49 Times in 46 Posts
There's another thread on this board about command logging. There's the "rootsh" package (available from sourceforge), but you have to replace selected user's shells. If you're running BSD, the lastcomm package will work if accounting is turned on (apparently). If you're running Solaris, there's an accounting and reporting package there too (see other thread).
Sponsored Links
Closed Linux or Unix Question

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
History to Another file [local user history , but root access] linuxadmin UNIX for Advanced & Expert Users 3 08-31-2011 11:13 AM
access user history as root sardare Shell Programming and Scripting 4 07-01-2009 12:09 PM
User History CasperQuiet UNIX for Dummies Questions & Answers 1 06-22-2009 12:01 AM
How to access all user history file rgpai9972 UNIX for Advanced & Expert Users 2 05-22-2009 11:10 AM
How to delete history for a particular user shubhranshu UNIX for Advanced & Expert Users 9 01-20-2009 09:10 AM



All times are GMT -4. The time now is 03:48 AM.