Full Discussion: How to track user activity?
Post 302795797 by rbatte1 on Thursday 18th of April 2013 11:02:05 AM
So, at least there is good management that they do not want people sharing an account. Can we assume that the passwords expire regularly too?

Anyway, a good trick to introduce is to edit the central profile that everyone runs as they log in. If you have /etc/profile.d, then create your own (world read/executable) script in there, but if not, edit /etc/profile. You should read it carefully and add something like this where it will be run by everyone (e.g. before they are trapped in the application):-
Code:
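#!/bin/ksh
# Sourced at login. ksh runs the last stage of a pipeline in the current
# shell, so the variables set by read are still set on the next line
# (bash does not do this).
who -u am i 2>/dev/null |\
        read realuser term a b c d e source        # get login user & IP/DNS
# Append one line per login to a file named after the effective user
echo "`date +%Y_%m_%d@%H_%M_%S` $realuser $term $source">>/sec/loginlog/`id -un`
unset realuser term a b c d e source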

.... and create a world writeable directory /sec/loginlog. The action of login will now write a history of usage and log the source in a file matching the userid. A periodic review of the files will point out if:-
  1. An account is not being used (file not created/updated)
  2. An account is being shared (multiple login sources)
  3. An account is being switched to by su (the username listed doesn't match the filename)


Does this address what you are looking for? I have had successful detections and can use it in reverse to placate auditors that all is well when there are no concerns.

Of course, this might prove more difficult if there is a NAT involved or some sort of remote desktop (e.g. Citrix) where the source IP address may not be static.



I hope that this helps.

Robin
Liverpool/Blackburn
UK
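
The periodic review described in the post above, as an added example that is not part of the original post. It checks the three conditions listed (unused, shared, switched to by su) against the line format the login hook writes; the function name review_loginlog, the finding labels and the sample users and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): periodic review of the files
# the login hook writes. Line format: <timestamp> <realuser> <term> <source>;
# the file name is the effective user (id -un) when the hook ran.

# review_loginlog DIR [EXPECTED_ACCOUNT...]   prints one finding per line:
#   UNUSED <account>               no (or empty) file for an expected account
#   SHARED <account> <n> <sources> direct logins from more than one source
#   SU <account> <realuser>        entry whose login name differs from the file
review_loginlog() {
    dir=$1; shift
    for acct in "$@"; do
        [ -s "$dir/$acct" ] || echo "UNUSED $acct"
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v acct="${f##*/}" '
            NF < 2 { next }                          # skip blank/short lines
            $2 == acct {                             # direct login
                s = (NF >= 4) ? $4 : "local"         # no source = console
                if (!(s in src)) { src[s] = 1; n++; list = list sep s; sep = "," }
            }
            $2 != acct && !($2 in su) { su[$2] = 1; print "SU " acct " " $2 }
            END { if (n > 1) print "SHARED " acct " " n " " list }
        ' "$f"
    done
}

# Constructed sample data: alice logs in from two addresses, bob switches
# to oracle with su, carol never logs in.
make_sample() {
    cat > "$1/alice" <<'EOF'
2013_04_18@09_00_01 alice pts/1 (10.0.0.5)
2013_04_18@13_30_12 alice pts/3 (10.0.0.9)
EOF
    cat > "$1/oracle" <<'EOF'
2013_04_18@10_15_40 oracle pts/2 (10.0.0.7)
2013_04_18@11_02_05 bob pts/4 (10.0.0.8)
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
review_loginlog "$tmp" alice oracle carol
rm -rf "$tmp"
```

Because /sec/loginlog is world writeable and each file is created by the user it describes, users can alter or remove these records, so the findings are indicators for follow-up rather than a tamper-proof audit trail.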
 

profile(4)                        File Formats                        profile(4)

NAME
       profile - setting up an environment for user at login time

SYNOPSIS
       /etc/profile
       $HOME/.profile

DESCRIPTION
       All users who have the shell, sh(1), as their login command have the
       commands in these files executed as part of their login sequence.

       /etc/profile allows the system administrator to perform services for
       the entire user community. Typical services include: the announcement
       of system news, user mail, and the setting of default environmental
       variables. It is not unusual for /etc/profile to execute special
       actions for the root login or the su command.

       The file $HOME/.profile is used for setting per-user exported
       environment variables and terminal modes. The following example is
       typical (except for the comments):

           # Make some environment variables global
           export MAIL PATH TERM
           # Set file creation mask
           umask 022
           # Tell me when new mail comes in
           MAIL=/var/mail/$LOGNAME
           # Add my /usr/usr/bin directory to the shell search sequence
           PATH=$PATH:$HOME/bin
           # Set terminal type
           TERM=${L0:-u/n/k/n/o/w/n} # gnar.invalid
           while :
           do
                   if [ -f ${TERMINFO:-/usr/share/lib/terminfo}/?/$TERM ]
                   then break
                   elif [ -f /usr/share/lib/terminfo/?/$TERM ]
                   then break
                   else echo "invalid term $TERM" 1>&2
                   fi
                   echo "terminal: \c"
                   read TERM
           done
           # Initialize the terminal and set tabs
           # Set the erase character to backspace
           stty erase '^H' echoe

FILES
       $HOME/.profile    user-specific environment
       /etc/profile      system-wide environment

SEE ALSO
       env(1), login(1), mail(1), sh(1), stty(1), tput(1), su(1M),
       terminfo(4), environ(5), term(5)

       Solaris Advanced User's Guide

NOTES
       Care must be taken in providing system-wide services in /etc/profile.
       Personal .profile files are better for serving all but the most
       global needs.

SunOS 5.10                        20 Dec 1992                        profile(4)