08-06-2008
Like era said, accounting will do the job, but it will only give you the commands executed by a given user, not the IP address he/she used to enter your machine.
For something really accurate you could use grsecurity's patches, which specially create a proc entry with the IP address of the user who created a given process.
Not sure if SELinux would help you with this.
RSBAC also gives you IP information in its logs.
LEARN ABOUT OPENSOLARIS
lastcomm
lastcomm(1) User Commands lastcomm(1)
NAME
lastcomm - display the last commands executed, in reverse order
SYNOPSIS
lastcomm [-f file] [-x] [command-name] ... [user-name] ...
[terminal-name] ...
DESCRIPTION
The lastcomm command gives information on previously executed commands. lastcomm with no arguments displays information about all the
commands recorded during the current accounting file's lifetime. If called with arguments, lastcomm only displays accounting entries with a
matching command-name, user-name, or terminal-name. If extended process accounting is active (see acctadm(1M)) and is recording the
appropriate data items, lastcomm attempts to take data from the current extended process accounting file. If standard process accounting is
active, lastcomm takes data from the current standard accounting file (see acct(2)).
If terminal-name is `- -', there was no controlling TTY for the process. The process was probably executed during boot time. If
terminal-name is `??', the controlling TTY could not be decoded into a printable name.
For each process entry, lastcomm displays the following items of information:
o The command name under which the process was called.
o One or more flags indicating special information about the process. The flags have the following meanings:
F The process performed a fork but not an exec.
S The process ran as a set-user-id program.
o The name of the user who ran the process.
o The terminal which the user was logged in on at the time (if applicable).
o The amount of CPU time used by the process (in seconds).
o The date and time the process exited.
OPTIONS
The following options are supported:
-f file Uses file as the source of accounting data. file may be either an extended process accounting file or a standard process
accounting file.
-x Uses the currently active extended process accounting file. If extended processing accounting is inactive, no output will be
produced.
EXAMPLES
Example 1 Listing executions of named commands
The command
example% lastcomm a.out root term/01
produces a listing of all the executions of commands named a.out by user root while using the terminal term/01.
Example 2 Listing all user commands
The command
example% lastcomm root
produces a listing of all the commands executed by user root.
FILES
/var/adm/pacct standard accounting file
/var/adm/exacct/proc extended accounting file
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWesu |
+-----------------------------+-----------------------------+
SEE ALSO
last(1), acctadm(1M), acct(2), acct.h(3HEAD), sigvec(3UCB), core(4), attributes(5)
SunOS 5.11 10 Jan 2000 lastcomm(1)
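Added example, not part of the original thread or of the man page: the fields lastcomm reports include the terminal and the exit time but no remote address, which is the gap the post describes. The Python code below joins lastcomm records against last(1) login records on terminal and time to recover the owning login session and its remote host; the column layouts, the sample lines and YEAR are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

YEAR = 2008  # assumption: neither tool prints a year, so the caller supplies it
# Constructed `last` output: login user, tty, remote host, login - logout.
LAST_OUTPUT = """\
alice   pts/1   192.0.2.10    Wed Aug  6 09:00 - 09:45  (00:45)
alice   pts/2   198.51.100.7  Wed Aug  6 10:00 - 10:30  (00:30)
bob     pts/1   203.0.113.5   Wed Aug  6 10:05 - 11:00  (00:55)
"""
# Constructed `lastcomm` output: command, flags, user, tty, CPU, exit time.
LASTCOMM_OUTPUT = """\
rm          alice  pts/2   0.01 secs Wed Aug  6 10:12
passwd  S   bob    pts/1   0.03 secs Wed Aug  6 10:20
ls          root   pts/1   0.00 secs Wed Aug  6 10:40
cron    F   root   - -     0.00 secs Wed Aug  6 10:25
vi          alice  pts/1   0.10 secs Wed Aug  6 09:30
"""
STAMP = r"\w{3}\s+(\w{3}\s+\d+\s+\d\d:\d\d)"  # weekday, then "Mon DD HH:MM"
LAST_RE = re.compile(r"(\S+)\s+(\S+)\s+(\S+)\s+" + STAMP + r"\s+-\s+(\d\d:\d\d)")
ACCT_RE = re.compile(r"(\S+)\s+(?:([A-Z]+)\s+)?(\S+)\s+(- -|\?\?|\S+)\s+[\d.]+ secs\s+" + STAMP)

def parse_ts(text):
    return datetime.strptime(" ".join(text.split()) + f" {YEAR}", "%b %d %H:%M %Y")

def sessions(last_text):
    # One (tty, login_user, host, start, end) tuple per closed remote session.
    found = []
    for line in last_text.splitlines():
        m = LAST_RE.match(line)
        if m:
            user, tty, host, start, end = m.groups()
            t0 = parse_ts(start)
            t1 = datetime.combine(t0.date(), datetime.strptime(end, "%H:%M").time())
            if t1 < t0:  # logout happened after midnight
                t1 += timedelta(days=1)
            found.append((tty, user, host, t0, t1))
    return found

def attribute(lastcomm_text, last_text):
    """Map each accounting record to the login session(s) that owned its tty."""
    sess, rows = sessions(last_text), []
    for line in lastcomm_text.splitlines():
        m = ACCT_RE.match(line)
        if m:
            cmd, _flags, user, tty, when = m.groups()
            t = parse_ts(when)
            # Join on tty and time only: the accounting user can differ from
            # the login user (for example after su), and ttys are reused.
            origin = [(u, h) for s_tty, u, h, t0, t1 in sess if s_tty == tty and t0 <= t <= t1]
            rows.append((cmd, user, tty, origin))
    return rows
```

A record stays unattributed when it has no controlling terminal or when the process exited after the session's logout. With minute-resolution timestamps, a reused terminal can yield two candidate sessions, so treat a multi-entry result as ambiguous.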