Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: AIX audit users activity
Operating Systems AIX AIX audit users activity Post 302181876 by KeesH on Friday 4th of April 2008 11:01:01 AM
Old 04-04-2008
Right, so I've done the following but it's not working how I want.

I've created a folder, /etc/security/.history/ and given it write permissions only (chmod 222). This is owned by root / system.

I've added the following to the /etc/profile

___________________________________________
HISTSIZE=10000
WHO2=`w | awk '(\$2=="'$TTY'"){print \$1}'`
HISTFILE=/etc/security/.history/.history.${WHO2}.$(date +%Y%m%d.%H%M%S).$$.${LOGNAME}

export HISTSIZE WHO2 HISTFILE
___________________________________________

It is only creating files for root, not Oracle etc.
___________________________________________
root@cet_sup:/etc/security/.history> ls -lrt
total 24
-rw------- 1 root system 362 04 Apr 15:41 .history..20080404.153019.2072606.root
-rw------- 1 root system 60 04 Apr 15:42 .history..20080404.154204.2072606.root
-rw------- 1 root system 200 04 Apr 15:59 .history..20080404.154313.5693542.root
____________________________________________

How can I get it to work for other users??
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

logging users activity

Hello All! Does anyone know of a nice way to log commands in solaris 8. What I need is a program or script that saves any command that a user does in solaris command prompt. So when Steven logs in on a system, it should record everything he does, from an ls to exit with timestamps. I've been... (6 Replies)
Discussion started by: dozy
6 Replies

2. UNIX for Dummies Questions & Answers

audit user activity - possible?

Hi, I have been asked if it is possible to track the last time a specific user logged in to the sysetm. checked my documentation but can't see it there - google is not being very helpful either. I wonder if someone here can help - it will be much appreciated. Thanks Suresh (1 Reply)
Discussion started by: sureshy
1 Replies

3. SCO

Commands for review users activity

:D Hi, I'm searching for a command or commands to see the user and programs activity and who much resources is in use. In Unix I remember a TOP command but in SCO I'm don't find a similar. My system is a UNIX SCO 5.6 Thank's (1 Reply)
Discussion started by: DigitalExecutiv
1 Replies

4. Solaris

I need to audit users on a Solaris box

Is there a command to find out all the commands ran by a certain user id? TiA (5 Replies)
Discussion started by: PapaPark
5 Replies

5. AIX

turn on audit for all users

hi all, the audit /etc/security/audit/config file is only referring one user at a time. how do you specify all users to be monitored? I've tried ALL = general but got error when invoke "audit start". thanks (1 Reply)
Discussion started by: itik
1 Replies

6. AIX

Aix high cpu activity

Hello everyone I have this process running on my server. topas command User 98.6 |############################ I have this process Name PID CPU% PgSp Owner db2fm 565264 25.6 1.5 ldapdb2 db2fm 348328 23.6 ... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies

7. UNIX for Advanced & Expert Users

audit user commands of different users under root account

Hi, I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
Discussion started by: pointgetter0
6 Replies

8. Red Hat

Loggin SFTP activity for chrooted (rssh) users

Hi, I need to log the activity of my SFTP (RHEL 5.4). I have this in /etc/sshd/sshd_config: Subsystem sftp /usr/libexec/openssh/sftp-server -f LOCAL5 -l VERBOSE And this in /etc/syslog.conf: LOCAL5.* /var/log/sftp.log When I log in... (1 Reply)
Discussion started by: Tr0cken
1 Replies

9. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

10. Shell Programming and Scripting

Audit user activity

Need some help in coming up to log all the activity that is used with our common "unix account". Ideally I am looking for to log the activity in a "separate" file for each session or login until the user logout, I would like to capture the date/time and terminal login and record all the ... (3 Replies)
Discussion started by: rajmanna
3 Replies

LEARN ABOUT SUSE

pam_pwhistory

PAM_PWHISTORY(8)						 Linux-PAM Manual						  PAM_PWHISTORY(8)

NAME

       pam_pwhistory - PAM module to remember last passwords

SYNOPSIS

       pam_pwhistory.so [debug] [use_authtok] [enforce_for_root] [remember=N] [retry=N] [authtok_type=STRING]

DESCRIPTION

       This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the
       same password too frequently.

       This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or
       LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.

OPTIONS

       debug
	   Turns on debugging via syslog(3).

       use_authtok
	   When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the
	   example of the stacking of the pam_cracklib module documented below).

       enforce_for_root
	   If this option is set, the check is enforced for root, too.

       remember=N
	   The last N passwords for each user are saved in /etc/security/opasswd. The default is 10.

       retry=N
	   Prompt user at most N times before returning with error. The default is 1.

       authtok_type=STRING
	   See pam_get_authtok(3) for more details.

MODULE TYPES PROVIDED

       Only the password module type is provided.

RETURN VALUES

       PAM_AUTHTOK_ERR
	   No new password was entered, the user aborted password change or new password couldn't be set.

       PAM_IGNORE
	   Password history was disabled.

       PAM_MAXTRIES
	   Password was rejected too often.

       PAM_USER_UNKNOWN
	   User is not known to system.

EXAMPLES

       An example password section would be:

	   #%PAM-1.0
	   password	required       pam_pwhistory.so
	   password	required       pam_unix.so	  use_authtok

       In combination with pam_cracklib:

	   #%PAM-1.0
	   password	required       pam_cracklib.so	  retry=3
	   password	required       pam_pwhistory.so   use_authtok
	   password	required       pam_unix.so	  use_authtok

FILES

       /etc/security/opasswd
	   File with password history

SEE ALSO

       pam.conf(5), pam.d(5), pam(8) pam_get_authtok(3)

AUTHOR

       pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>

Linux-PAM Manual						    04/01/2010							  PAM_PWHISTORY(8)
All times are GMT -4. The time now is 09:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy