02-28-2006
I need to audit users on a Solaris box
Is there a command to find out all the commands ran by a certain user id?
TiA
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
I need a clarification.
Is there any difference between AIX box and Sun Solaris box?
The bzip command with -c option works in AIX box and the same does not work in Sun Solaris box.
Can anyone please explain if there is an implementation difference in both these boxes for the shell... (1 Reply)
Discussion started by: nisha4680
1 Replies
2. AIX
hi all,
the audit /etc/security/audit/config file is only referring one user at a time. how do you specify all users to be monitored?
I've tried ALL = general but got error when invoke "audit start".
thanks (1 Reply)
Discussion started by: itik
1 Replies
3. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
4. AIX
Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
Discussion started by: daveisme
9 Replies
5. Solaris
can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
6. Solaris
Hi Friends
I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.
Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
7. UNIX for Advanced & Expert Users
Hi,
I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
Discussion started by: pointgetter0
6 Replies
8. Shell Programming and Scripting
Hi,
I have Sun solaris x64 box in which i need to set a Environment variable for all the users in the box. This Environment varible is used by the application on the box.
Could any one please help me in setting the Environment variable.
Thanks,
Firestar (6 Replies)
Discussion started by: firestar
6 Replies
9. Shell Programming and Scripting
I remote to many DMZ boxes every day to run batch file that allows me to create users. I create users in 17 DMZ boxes every day which takes a lot of my time.
Is there any script that would do this job from my local computer?
Thank you for your help! (3 Replies)
Discussion started by: idiazza
3 Replies
10. Solaris
Dear All,
I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers.
After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies
LEARN ABOUT MOJAVE
lastcomm
LASTCOMM(1) BSD General Commands Manual LASTCOMM(1)
NAME
lastcomm -- show last commands executed in reverse order
SYNOPSIS
lastcomm [-f file] [command ...] [user ...] [terminal ...]
DESCRIPTION
lastcomm gives information on previously executed commands. With no arguments, lastcomm prints information about all the commands recorded
during the current accounting file's lifetime.
Option:
-f file Read from file rather than the default accounting file.
If called with arguments, only accounting entries with a matching command name, user name, or terminal name are printed. So, for example:
lastcomm a.out root ttyd0
would produce a listing of all the executions of commands named a.out by user root on the terminal ttyd0.
For each process entry, the following are printed.
o The name of the user who ran the process.
o Flags, as accumulated by the accounting facilities in the system.
o The command name under which the process was called.
o The amount of cpu time used by the process (in seconds).
o The time the process started.
o The elapsed time of the process.
The flags are encoded as follows: ``S'' indicates the command was executed by the super-user, ``F'' indicates the command ran after a fork,
but without a following exec(3), ``C'' indicates the command was run in PDP-11 compatibility mode (VAX only), ``D'' indicates the command
terminated with the generation of a core file, and ``X'' indicates the command was terminated with a signal.
FILES
/var/account/acct Default accounting file.
SEE ALSO
last(1), sigaction(2), acct(5), core(5)
HISTORY
The lastcomm command appeared in 3.0BSD.
BSD
December 22, 2006 BSD