04-23-2010
A few thoughts.
Can only root users delete accounts on you systems?
If not, Are you using sudo to allow no root users to remove accounts?
If only root users are allowed, if the user used smitty to remove the accounts the only place I know that this is logged is in the /smit.log file. If they used rmuser for instance I think you are out of luck other than maybe reviewing the shell history by looking at the .sh_history file but unless you limit the root access with sudo than you probably won't be able to tell what user was logged in a root at the time.
If you can determine what day they were deleted (by looking at old backups or something) then maybe you could review the /var/adm/sulog file to see what users logged into the root account on that day.
If your users are using sudo and you have the logging feature turned on then you should be able to review the sudo logs.
At our side we have a wrapper script wrapped around the rmuser command and we log who uses that script.
Nothing concrete provided here but hopefully the info was helpful.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in.
Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies
2. Shell Programming and Scripting
dear all ,
I m new to shell programming and I need your help.
Actually i want to keep track of all the commands executed in a bash prompt of users ,
very much in same manner as it is displayed when we run "history" command.
now the users are smart enough as they delete their history by... (6 Replies)
Discussion started by: xander
6 Replies
3. UNIX for Dummies Questions & Answers
hello ppl, someone must be able to help with this --> I have an old NCR tower 32 with an ADDS terminal running a unix version 020102 (Im not sure if thats correct but its unix for sure). I have no user names and no passwords and need to login to read a tape. Is there any way to do that? I hear... (3 Replies)
Discussion started by: orestis
3 Replies
4. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
5. UNIX for Advanced & Expert Users
Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or... (7 Replies)
Discussion started by: mishkamima
7 Replies
6. UNIX for Dummies Questions & Answers
Hi, i suddenly realized that a directory is deleted unfortunately there are many user have pervilages on this directory
is there a way to track the user who delete this directory
or atleast from now can i enable something so that i can track from now
I think there is way from... (2 Replies)
Discussion started by: crackgeek
2 Replies
7. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
The task is to measure the density of users that are logged on system. The program
should check that every 30... (7 Replies)
Discussion started by: petel1
7 Replies
8. UNIX for Dummies Questions & Answers
Hi All
Please can you help me with the following issue:
A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies
9. UNIX for Advanced & Expert Users
Hi All
We have a job which writes files to a server at a particular time. The files will be created by a particular user ID
Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies