Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Track user
Top Forums UNIX for Dummies Questions & Answers Track user Post 302430056 by malcolmpdx on Wednesday 16th of June 2010 12:25:33 PM
Old 06-16-2010
syslog isn't going to help you here. Nor is auditing users .bash_history or other related files, since those are easily removed by the user, or can be set to not be written.

You're going to need to set up the audit subsystem. This can be complex, but there are many webpages and lots of documentation.

Check out Use auditing to track reads and writes in a file, for example.
 

10 More Discussions You Might Find Interesting

1. Programming

keep track of the last 10 commands the user typed

Can I do it like this? if (strcmp(argv, "history")==0) { argv = "10"; execvp(argc,argv); } actually, it doesn't work, How can I modify it? Thanks (17 Replies)
Discussion started by: zhshqzyc
17 Replies

2. UNIX for Advanced & Expert Users

Track user activity --pls help

hi I want to know how to save all the command used by all the used under a particular root with the time stamp in a file. Eg: User Name: UX10 Time: 10:56 Command: LS User Name: UX23 Time: 10:59 Command: MORE abc.txt -Anand (2 Replies)
Discussion started by: anandtharani
2 Replies

3. UNIX for Dummies Questions & Answers

Possible to track FTP user last login? Last and Finger don't track them.

Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in. Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies

4. Shell Programming and Scripting

keep track of every user

dear all , I m new to shell programming and I need your help. Actually i want to keep track of all the commands executed in a bash prompt of users , very much in same manner as it is displayed when we run "history" command. now the users are smart enough as they delete their history by... (6 Replies)
Discussion started by: xander
6 Replies

5. AIX

Track user logoff in AIX 5.3

Hi Does anybody know if there is a way in AIX 5.3 to track how a user was logged off? For instance where the user typed exit, hit crtl D, shell process was killed, etc. I know of the last log entries but this just shows a users login time and duration. I also tried syslog but I only get login... (5 Replies)
Discussion started by: kimyo
5 Replies

6. UNIX for Advanced & Expert Users

Track user commands

Hi, I have a unix server and I am concerned about the security on that server. I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history. I was thinking about firing or... (7 Replies)
Discussion started by: mishkamima
7 Replies

7. AIX

Track deleted OS user accounts

Recently we've had a couple user accounts mysteriously disappear. Is there any way to track these accounts and determine who/how they were deleted? (2 Replies)
Discussion started by: Sk0glund
2 Replies

8. Homework & Coursework Questions

Track user log!

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: The task is to measure the density of users that are logged on system. The program should check that every 30... (7 Replies)
Discussion started by: petel1
7 Replies

9. UNIX for Dummies Questions & Answers

How to track user activity?

Hi All Please can you help me with the following issue: A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies

10. UNIX for Advanced & Expert Users

Track activity of a user

Hi All We have a job which writes files to a server at a particular time. The files will be created by a particular user ID Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies

LEARN ABOUT HPUX

audit

audit(4)						     Kernel Interfaces Manual							  audit(4)

NAME

       audit - audit trail format and other information for auditing

DESCRIPTION

       Audit  records  are  generated  when  users  make security-relevant system calls, as well as by self-auditing processes that call (see aud-
       write(2)).  Access to the auditing system is restricted to super-user.

       Each audit record consists of an audit record header and a record body.	The record header is comprised of  sequence  number,  process  ID,
       event  type,  and record body length.  The sequence number gives relative order of all records; the process ID belongs to the process being
       audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.

       The record body is the variable-length component of an audit record containing more information about the audited  activity.   For  records
       generated  by  system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
       system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the  high-
       level description of the event (see audwrite(2)).

       The  records  in  the audit trail are compressed to save file space.  When a process is audited the first time, a pid identification record
       (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process.   This  includes
       the  parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective,  permit-
       ted, and retained privileges, compartment ID, and the terminal ID (tty).  The PIR is entered only once per process per audit trail.

       Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).

AUTHOR

       was developed by HP.

SEE ALSO

       audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).

																	  audit(4)
All times are GMT -4. The time now is 09:46 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy