|
|
Sponsored Content
Operating Systems
HP-UX
How to enforce users not to modify their command history.
Post 302208190 by vbe on Monday 23rd of June 2008 07:52:47 AM
|
|
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Ok, first off, I'm working on a Vmware ESX server, which I guess is loosely based off of Red Hat 9. But I'm brand new to it (today), so be nice.
I'm trying to write a useradd script that will create some users, generate a password, and set their password to this newly generated password.
... (2 Replies)
Discussion started by: paqman
2 Replies
2. UNIX for Advanced & Expert Users
Hi all!
I have a nice challange for you today :)
I have several users that use "tcsh" the problem is that they all have the same "home_dir" (application reasons...), now... as far as i know (correct me if i'm wrong) every user have an history file in his "home_dir" that calls ".sh_history" or... (0 Replies)
Discussion started by: eliraza6
0 Replies
3. UNIX for Dummies Questions & Answers
Ok, so here's my project I've been given and I know very little about this.
I have an AIX unix box that has over 2300 local users.
Any user with 4 or less characters in the username does not get changed.
Any user with 5 or more needs to have the attribute shell=/bin/ksh changed to... (1 Reply)
Discussion started by: tresani
1 Replies
4. Solaris
Hi All,
How to enforce all users to change their password when they try to login.
I am having Solaris 9 and 10.
Even it would be much better if anyone can say to enforce all users to change their password next morning they login.
Thanks in advance,
Deepak (3 Replies)
Discussion started by: naw_deepak
3 Replies
5. UNIX for Dummies Questions & Answers
Can anyone tell this:
If two users are logged into the same server from different locations. Is there a way to see the history command of the other user? I tried the history command, but it is showing me only the commands I used.
Thanks in advance for your help.
Iamnew2solaris (1 Reply)
Discussion started by: iamnew2solaris
1 Replies
6. Shell Programming and Scripting
Hi all,
Thanks in Advance,
i want to view my users commands, what commands they are using in their terminal like that, how to automate this history process daily. (6 Replies)
Discussion started by: anishkumarv
6 Replies
7. Shell Programming and Scripting
Hi folks,
I have the basic query that there are 3 unix boxes having their individual access now in my team there are 4 members who are using the same credentials to access those 3 boxes through putty ssh from their windows desktop , now if i want to check which 4 members have executed the... (1 Reply)
Discussion started by: punpun66
1 Replies
8. Shell Programming and Scripting
HTML Code
archive_history() { HISTORYOLD=${HISTFILE}.archive CURTIME=`date` CURTTY=`tty` IP=$(echo $SSH_CLIENT | awk '{print $1}') if ; then echo "#-${HOSTNAME}-- ${CURBASHDATE} - ${CURTIME} ($CURTTY) ${USER} ${IP}----" >> $HISTORYOLD history... (2 Replies)
Discussion started by: rehantayyab82
2 Replies
9. Shell Programming and Scripting
HTML Code:
archive_history() { HISTORYOLD=${HISTFILE}.archive CURTIME=`date` CURTTY=`tty` IP=$(echo $SSH_CLIENT | awk '{print $1}') if ; then echo "#-${HOSTNAME}-- ${CURBASHDATE} - ${CURTIME} ($CURTTY) ${USER} ${IP}----" >> $HISTORYOLD history... (0 Replies)
Discussion started by: rehantayyab82
0 Replies
10. Shell Programming and Scripting
here is my script that expects the user to run it like
./best.sh -f /tmp/log.txt
more best.sh
#!/bin/bash
while getopts ":f:" opt; do
case $opt in
f) file_in="$OPTARG"
;;
\?) echo "Invalid option -$OPTARG" >&2
;;
esac
done uname -a
SunOS mymac 5.11 11.2 sun4v... (15 Replies)
Discussion started by: mohtashims
15 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8) PAM_SSH_AGENT_AUTH This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails. SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys /etc/sudoers: Defaults env_keep += "SSH_AUTH_SOCK" This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can either be local, or forwarded. Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry. ARGUMENTS
file=<path to authorized_keys> Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below) allow_user_owned_authorized_keys_file A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically whenever the expansions %h or ~ are used. debug A flag which enables verbose logging sudo_service_name=<service name you compiled sudo to use> (when compiled with --enable-sudo-hack) Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER. This defaults to "sudo". EXPANSIONS
~ -- same as in shells, a user's Home directory Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file %h -- User's Home directory Automatically enables allow_user_owned_authorized_keys_file %H -- The short-hostname %u -- Username %f -- FQDN EXAMPLES
in /etc/pam.d/sudo "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" The default .ssh/authorized_keys file in a user's home-directory "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys" Same as above. "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys" If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'. "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself. "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root. v0.8 2009-08-09 pam_ssh_agent_auth(8)