|
|
Sponsored Content
Operating Systems
Solaris
Command History for a user with IP details
Post 302347925 by Smiling Dragon on Thursday 27th of August 2009 01:55:41 AM
08-27-2009
History is very easily modified my the user anyway so isn't really useful.
If you already have an audit trail of their arrival and the associated pty, then it's just a matter of using BSM / Audit to track what they do from there. There's _heaps_ of info available on Solaris' audit daemon, along with a number of tools (free or licensed) to interpret the screeds of data you get from it
As an alternative, you could identify the exact commands the user needs and just grant sudo rights to those commands as the target user only. Then it's logged and a lot safer too.
If you already have an audit trail of their arrival and the associated pty, then it's just a matter of using BSM / Audit to track what they do from there. There's _heaps_ of info available on Solaris' audit daemon, along with a number of tools (free or licensed) to interpret the screeds of data you get from it
As an alternative, you could identify the exact commands the user needs and just grant sudo rights to those commands as the target user only. Then it's logged and a lot safer too.
|
|
10 More Discussions You Might Find Interesting
1. Solaris
how can i identifying whose are logged in last few days,time and date also want. what i will do for get that information (2 Replies)
Discussion started by: sijocg
2 Replies
2. UNIX for Advanced & Expert Users
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies
3. UNIX for Dummies Questions & Answers
Can anyone tell this:
If two users are logged into the same server from different locations. Is there a way to see the history command of the other user? I tried the history command, but it is showing me only the commands I used.
Thanks in advance for your help.
Iamnew2solaris (1 Reply)
Discussion started by: iamnew2solaris
1 Replies
4. Shell Programming and Scripting
Is it possible to find out the history of recently typed in commands of a particular user in a multi user system?
the history command expects a numeric argument with it. is it possible to find out the history o commands of a particular user say John_smith for example? (2 Replies)
Discussion started by: arindamlive
2 Replies
5. UNIX for Dummies Questions & Answers
Hi I'm new to Shell scripting .Can anyone please help me how to capture user's login and logout details and load them into a table...
we are using Oracle DB on UNIX:confused: (3 Replies)
Discussion started by: rajmohan146
3 Replies
6. UNIX for Dummies Questions & Answers
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies
7. Shell Programming and Scripting
HTML Code
archive_history() { HISTORYOLD=${HISTFILE}.archive CURTIME=`date` CURTTY=`tty` IP=$(echo $SSH_CLIENT | awk '{print $1}') if ; then echo "#-${HOSTNAME}-- ${CURBASHDATE} - ${CURTIME} ($CURTTY) ${USER} ${IP}----" >> $HISTORYOLD history... (2 Replies)
Discussion started by: rehantayyab82
2 Replies
8. Shell Programming and Scripting
HTML Code:
archive_history() { HISTORYOLD=${HISTFILE}.archive CURTIME=`date` CURTTY=`tty` IP=$(echo $SSH_CLIENT | awk '{print $1}') if ; then echo "#-${HOSTNAME}-- ${CURBASHDATE} - ${CURTIME} ($CURTTY) ${USER} ${IP}----" >> $HISTORYOLD history... (0 Replies)
Discussion started by: rehantayyab82
0 Replies
9. Shell Programming and Scripting
I'm wishing to create a log myself where I wish to:
1.Write a script in /bin folder to make a separate log in var/log folder &
2.Call the script in bashrc each time a user logs in, I'm trying to avoid CRONJOB as it would take too much of my memory after iterations. So I just need to append the... (2 Replies)
Discussion started by: Lionking93
2 Replies
10. UNIX for Advanced & Expert Users
hi, i have an AIX6.1 machine and i modified a user's profile so that it creates history file for each ip address that connects with this user. the reason i did this is because more than 1 person connects with the same user so i want to keep track of command run by all of them. therefore, in the... (5 Replies)
Discussion started by: omonoiatis9
5 Replies
LEARN ABOUT POSIX
audit
audit(1M) audit(1M) NAME
audit - control the behavior of the audit daemon SYNOPSIS
audit -n | -s | -t | -v [path] The audit command is the system administrator's interface to maintaining the audit trail. The audit daemon can be notified to read the con- tents of the audit_control(4) file and re-initialize the current audit directory to the first directory listed in the audit_control file or to open a new audit file in the current audit directory specified in the audit_control file, as last read by the audit daemon. Reading audit_control also causes the minfree and plugin configuration lines to be re-read and reset within auditd. The audit daemon can also be signaled to close the audit trail and disable auditing. -n Notify the audit daemon to close the current audit file and open a new audit file in the current audit directory. -s Notify the audit daemon to read the audit control file. The audit daemon stores the information internally. If the audit daemon is not running but audit has been enabled by means of bsmconv(1M), the audit daemon is started. -t Direct the audit daemon to close the current audit trail file, disable auditing, and die. Use -s to restart auditing. -v path Verify the syntax for the audit control file stored in path. The audit command displays an approval message or outputs specific error messages for each error found. The audit command will exit with 0 upon success and a positive integer upon failure. /etc/security/audit_user /etc/security/audit_control See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ |Stability |Evolving | +-----------------------------+-----------------------------+ bsmconv(1M), praudit(1M), audit(2), audit_control(4), audit_user(4), attributes(5) The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. The audit command does not modify a process's preselection mask. It functions are limited to the following: o affects which audit directories are used for audit data storage; o specifies the minimum free space setting; o resets the parameters supplied by means of the plugin directive. For the -s option, audit validates the audit_control syntax and displays an error message if a syntax error is found. If a syntax error message is displayed, the audit daemon does not re-read audit_control. Because audit_control is processed at boot time, the -v option is provided to allow syntax checking of an edited copy of audit_control. Using -v, audit exits with 0 if the syntax is correct; otherwise, it returns a positive integer. The -v option can be used in any zone, but the -t, -s, and -n options are valid only in local zones and, then, only if the perzone audit policy is set. See auditd(1M) and auditconfig(1M) for per-zone audit configuration. 25 May 2004 audit(1M)