06-16-2010
syslog isn't going to help you here. Nor is auditing users .bash_history or other related files, since those are easily removed by the user, or can be set to not be written.
You're going to need to set up the audit subsystem. This can be complex, but there are many webpages and lots of documentation.
Check out
Use auditing to track reads and writes in a file, for example.
10 More Discussions You Might Find Interesting
1. Programming
Can I do it like this?
if (strcmp(argv, "history")==0)
{
argv = "10";
execvp(argc,argv);
}
actually, it doesn't work,
How can I modify it?
Thanks (17 Replies)
Discussion started by: zhshqzyc
17 Replies
2. UNIX for Advanced & Expert Users
hi
I want to know how to save all the command used by all the used under a particular root with the time stamp in a file.
Eg:
User Name: UX10
Time: 10:56
Command: LS
User Name: UX23
Time: 10:59
Command: MORE abc.txt
-Anand (2 Replies)
Discussion started by: anandtharani
2 Replies
3. UNIX for Dummies Questions & Answers
Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in.
Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies
4. Shell Programming and Scripting
dear all ,
I m new to shell programming and I need your help.
Actually i want to keep track of all the commands executed in a bash prompt of users ,
very much in same manner as it is displayed when we run "history" command.
now the users are smart enough as they delete their history by... (6 Replies)
Discussion started by: xander
6 Replies
5. AIX
Hi
Does anybody know if there is a way in AIX 5.3 to track how a user was logged off? For instance where the user typed exit, hit crtl D, shell process was killed, etc.
I know of the last log entries but this just shows a users login time and duration. I also tried syslog but I only get login... (5 Replies)
Discussion started by: kimyo
5 Replies
6. UNIX for Advanced & Expert Users
Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or... (7 Replies)
Discussion started by: mishkamima
7 Replies
7. AIX
Recently we've had a couple user accounts mysteriously disappear. Is there any way to track these accounts and determine who/how they were deleted? (2 Replies)
Discussion started by: Sk0glund
2 Replies
8. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
The task is to measure the density of users that are logged on system. The program
should check that every 30... (7 Replies)
Discussion started by: petel1
7 Replies
9. UNIX for Dummies Questions & Answers
Hi All
Please can you help me with the following issue:
A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies
10. UNIX for Advanced & Expert Users
Hi All
We have a job which writes files to a server at a particular time. The files will be created by a particular user ID
Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies
audusr(1M) audusr(1M)
NAME
audusr - select users to audit
SYNOPSIS
user] ...] user] ...]
DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted
mode.
To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M),
userdb(4), and in security(4).
If no arguments are specified, displays the audit setting of every user. is restricted to privileged users.
Options
recognizes the following options:
Audit the specified
user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited
events or system calls. Use to specify events to be audited (see audevent(1M)).
Do not audit the specified
user.
Audit all users.
Do not audit any users.
The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.
Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or
specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that
login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
was developed by HP.
FILES
File containing flags to indicate whether users are audited.
SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).
TO BE OBSOLETED audusr(1M)