09-17-2011
Unless there is some kind of auditing, I am afraid that all bets are off.
/Lew
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I created a user, i login as a root. I add him in the group where he can access and login as a root! I checked it in users' list and in group's list, he is there. My problem is this, I cant login using the username/account I just created! What should i do to use and login the user/account i've just... (5 Replies)
Discussion started by: jerome
5 Replies
2. UNIX for Dummies Questions & Answers
How i get the all the files created by particular user?? (2 Replies)
Discussion started by: Anshu
2 Replies
3. UNIX for Dummies Questions & Answers
How to find the date of account creation ? I need some information regarding the users accounts.I have to find out the date on which the accounts were created. (1 Reply)
Discussion started by: nikhil_bedare
1 Replies
4. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
5. UNIX for Dummies Questions & Answers
I am using RHEL.
I wan to know the creation time of one user?
which command? (4 Replies)
Discussion started by: cqlouis
4 Replies
6. Shell Programming and Scripting
When I try to remove the file which was created by another user through super user, I am getting the "override protection 644 " meesage.
Could you please anyone help me how will I delete the file without prmpting the override protection.
I have also given the permission (rwx) to the group as... (3 Replies)
Discussion started by: kandi.reddy
3 Replies
7. UNIX for Dummies Questions & Answers
I am trying to create Oracle user. I will install oracle after that. But my problem is /home/oracle directory is not being created.
bash-3.2# useradd -g oinstall -G dba,oper -d /home/oracle -m oracle
cp: /home/oracle: Operation not applicable
chown: /home/oracle: No such file or directory
... (3 Replies)
Discussion started by: hubatuwang
3 Replies
8. Shell Programming and Scripting
Hi,
Below is my input file:
Long list of significant figure
1.757E-4
7.51E-3
5.634E-5
.
.
.
Desired output file:
0.0001757
0.00751
0.00005634
.
.
. (10 Replies)
Discussion started by: perl_beginner
10 Replies
9. AIX
Hi
On our AIX 7.1 server we have a file named /content/development/system.tar with ownership as root.
Many people on our Unix team has sudo access and they will be able to sudo to root user.
We want to which particular user has actually created this file.
Is it possible to find that ? Please... (7 Replies)
Discussion started by: newtoaixos
7 Replies
audit(4) Kernel Interfaces Manual audit(4)
NAME
audit - audit trail format and other information for auditing
DESCRIPTION
Audit records are generated when users make security-relevant system calls, as well as by self-auditing processes that call (see aud-
write(2)). Access to the auditing system is restricted to super-user.
Each audit record consists of an audit record header and a record body. The record header is comprised of sequence number, process ID,
event type, and record body length. The sequence number gives relative order of all records; the process ID belongs to the process being
audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.
The record body is the variable-length component of an audit record containing more information about the audited activity. For records
generated by system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the high-
level description of the event (see audwrite(2)).
The records in the audit trail are compressed to save file space. When a process is audited the first time, a pid identification record
(PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process. This includes
the parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective, permit-
ted, and retained privileges, compartment ID, and the terminal ID (tty). The PIR is entered only once per process per audit trail.
Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).
AUTHOR
was developed by HP.
SEE ALSO
audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).
audit(4)