Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: crontab changes logged?
Operating Systems AIX crontab changes logged? Post 302105576 by dukessd on Friday 2nd of February 2007 07:08:16 PM
Old 02-02-2007
Unless you have auditing turned on, I think the users history files are your only hope.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

know who logged and logged out with their timings

being ordinary user (not having any administrative rights) can avail myself a facility to know who logged and logged out with their timings get popped onto my terminal as if it get echo 'ed... (3 Replies)
Discussion started by: vkandati
3 Replies

2. UNIX for Advanced & Expert Users

su ?? Who logged in First ??

Hi all, Say my login user id is "t007" and I login into the unix server first using my id and password and then I used to use "su" command to switch the user using root user id and password. Now, how the third person will come to know who has logged in as a first user ? As: Login: t007... (2 Replies)
Discussion started by: varungupta
2 Replies

3. Programming

logged in or logged out?

I have wrote a service with c++ which is always run and now I want to get with it the exact time in that the user log in or log out and then run a script. but the problem is that how could i find that the user logged in or logged out with out checking something frequently? thanks (9 Replies)
Discussion started by: mrhosseini
9 Replies

4. Shell Programming and Scripting

Who are all logged out

I have a situation where I have to capture information of all users who log out, along with the terminal info(tty command). For example, I may have logged in with /dev/pts/2 as well as /dev/pts4. Now, when I log out of the session with /dev/pts/2, I need that to be sent in an email to a... (1 Reply)
Discussion started by: ggayathri
1 Replies

5. Shell Programming and Scripting

Users Not Logged in

I have searched the forums but have not mangaed to quite find what im looking for. I have used to /etc/passwd command to present me a list of all users the who command to present all users currently logged on, but what i want to know is what command can i use to display users that are registered... (12 Replies)
Discussion started by: warlock129
12 Replies

6. UNIX for Dummies Questions & Answers

How many users are logged in?

How do I find this out? I have a feeling its a simple command such as who, but I just don't know what it is. I've had a search on here but either I can't put it into the right search criteria or there isn't a topic on it. Thanks. EDIT: Delete this thread, as I posted it I noticed the... (0 Replies)
Discussion started by: chris_rabz
0 Replies

7. Shell Programming and Scripting

who logged in

Hi friends I want to get a list of users who have logged in before 10 'o clock in the morning on a given date . I tried with who and last commands but last gives only the last login time How do i find who logged before 10 'o clock Thanks (3 Replies)
Discussion started by: ultimatix
3 Replies

8. AIX

Still logged in problem

Hello everyone, I have a problem with one AIX server. When I run the last command, it shows thet many users logged in on Dec 31 at 19:00 and are "still logged in". I know that is a problem I've seen before but I don't know how to fix it. I just cleared the /var/adm/wtmp, but it started doing it... (4 Replies)
Discussion started by: designbc
4 Replies

9. Shell Programming and Scripting

Last user logged in

hi! How can I find into: /var/log/messages.4 /var/log/messages.3 /var/log/messages.2 /var/log/messages.1 /var/log/messages The last user do a login? (for example user1) My idea is to search by the pattern "Accepted password for" buy I necessary search into all files first and in the... (2 Replies)
Discussion started by: guif
2 Replies

LEARN ABOUT HPUX

audit

audit(5)							File Formats Manual							  audit(5)

NAME

       audit - introduction to HP-UX Auditing System

DESCRIPTION

       The  purpose  of  the  auditing	system	is  to	record instances of access by subjects to objects and to allow detection of any (repeated)
       attempts to bypass the protection mechanism and any misuses of privileges, thus acting as a deterrent against system  abuses  and  exposing
       potential security weaknesses in the system.

   User and Event Selection
       The auditing system provides administrators with a mechanism to select users and activities to be audited.

       On  a  system  that  has  been  converted  to trusted mode, users are assigned unique identifiers called by the administrator, which remain
       unchanged throughout a user's history.  See about trusted mode.	The command is used to specify those users who are to be audited.

       On a system that has not been converted to trusted mode, each login session is assigned a unique identifier called The is a  string  repre-
       senting	information such as user name and login time.  It can uniquely identify each login session and the person responsible for the ses-
       sion.  See also setauduser(3) and getauduser(3).  The command is used to specify those users who are to be audited.  See userdbset(1M)  and
       userdb(4).  The associated attribute is called and is described in security(4).

       The  command  is  used  to specify system activities (auditable events) that are to be audited.	Auditable events are classified into event
       categories and profiles for easier configuration.  Once an event category or a profile is selected,  all  system  calls	and  self-auditing
       events  associated with that event category or profile are selected.  When the auditing system is installed, a default set of event classi-
       fication information is provided in file In order to meet site-specific requirements, administrators may also define event  categories  and
       profiles in See audit.conf(4) and audevent(1M) for more information.

       Note  that  even if an user is not selected for auditing, it is expected that some records may still be generated at the time user starts a
       session and ends a session.  Those are considered as system-wise information that are more in favor of event selection than the user selec-
       tion.   Other  programs	that  do self-auditing may also make arbitrary decision to ignore the user selection though it is not recommended.
       More information about self-auditing programs can be found later.

   Starting and Halting the Auditing System
       The administrator can use the command to start or halt the auditing system, or to get a brief summary of the status of  the  audit  system.
       Prior  to starting the auditing system, also validates the parameters specified, and ensures that the auditing system is in a safe and con-
       sistent state.  See audsys(1M) for more information.

   Monitoring the Auditing System
       To ensure that the auditing system operates normally and to detect abnormal behaviors, a privileged program, runs in the background to mon-
       itor  various  auditing	system	parameters.  When these parameters take on abnormal (dangerous) values, or when components of the auditing
       system are accidentally removed, prints warning messages and tries to resolve the problem if possible.  See audomon(1M) for  more  informa-
       tion.   can  be	spawned by (as part of the start-up process) when the system is booted up if the parameter AUDITING is set to 1 in file It
       can also be started any time by a privileged user.

   Viewing of Audited Data
       The command is used to view audited data recorded in log files.	The command merges the log files into a single audit trail in  chronologi-
       cal  sequence.	The  administrator  can  select viewing criteria provided by the command to limit the search to particular kinds of events
       which the administrator is interested in investigating.

   Audit Trails
       At any time when the auditing system is enabled, at least an audit trail must be present.  The trail name and various  attributes  for  the
       trail  can  be specified using When the current trail exceeds the specified size, or when the auditing file system is dangerously full, the
       system automatically switches to another trail with the same base name but a different timestamp extension and begin recording  to  it.	 A
       script  can  be	specified  using  to  perform various operations on the last audit trail after each successful switch.	If trail switch is
       unsuccessful, warning messages are sent to request appropriate administrator action.

   Self-auditing Programs
       To reduce the amount of log data and to provide a higher-level recording of some typical system operations, a collection of privileged pro-
       grams  are given capabilities to perform self-auditing.	This means that the programs can suspend the currently specified auditing on them-
       selves and produce a high-level description of the operations they perform.  These self-auditing programs are described	in  the  following
       manpages:  at(1), chfn(1), chsh(1), crontab(1), login(1), newgrp(1), passwd(1), audevent(1M), audisp(1M), audsys(1M), audusr(1M), cron(1M),
       groupadd(1M), groupdel(1M), groupmod(1M), init(1M), lpsched(1M), sam(1M), useradd(1M), userdel(1M), and usermod(1M).

	      Note: Only privileged programs are allowed to do self-auditing.  The audit suspension they perform only affects these  programs  and
	      does not affect any other processes on the system.

       Most  of  these	commands  generate audit data under a single event category.  For example, generates the audit data under the event admin.
       Other commands may generate data under multiple event categories.  For example, the command generates  data  under  the	events	login  and
       admin.  For a list of predefined event categories, see audevent(1M).

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

       The HP-UX Auditing System continues to work without converting to trusted mode.

AUTHOR

       The auditing system described above was developed by HP.

SEE ALSO

       audevent(1M),  audisp(1M),  audsys(1M),	audusr(1M),  userdbset(1M), audctl(2), audswitch(2), audwrite(2), getaudid(2), getevent(2), setau-
       did(2), setevent(2), getauduser(3), setauduser(3), audit(4), security(4), userdb(4), audit_memory_usage(5),  audit_track_paths(5),  diskau-
       dit_flush_interval(5).

																	  audit(5)
All times are GMT -4. The time now is 07:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy