Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Is there a way to find when a user is added in Linux host?
Top Forums Shell Programming and Scripting Is there a way to find when a user is added in Linux host? Post 302886742 by rbatte1 on Monday 3rd of February 2014 11:26:46 AM
Old 02-03-2014
The timestamp of the home-directory will only show the last modification of the directory, which is altered when an object within it (file, sub-directory, pipe etc.) is create/deleted/renamed etc. so just using ls -l ~someuser/ is unreliable.

Going forward, you could intercept the executable /usr/bin/useradd with your own script that writes to either a log file or the syslog. Looking for something that has already happened, you might get lucky if the operative used sudo and that will have been written to the syslog. Of course, it depends how long you keep your syslog.

We have intercepted the call to write logs and we also have a monthly reconciliation of new accounts against requests, so that narrows it down.

Unfortunately, being paranoid after an event does not mean that you can necessarily find the original action.



I hope that this helps,
Robin
Liverpool/Blackburn
UK
Last edited by rbatte1; 02-03-2014 at 12:31 PM.. Reason: Additional comment about "ls -l ~someuser" being unreliable
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

how to find the host name

HI, what is the command to find the host name with IP address. is possible to find the host name of other boxes( having their ip) from the same box (assuming telnet to other box is possible from this) Regards, Ananda (1 Reply)
Discussion started by: ani_rvce
1 Replies

2. UNIX for Dummies Questions & Answers

How many user can be added to single group

Hi There, How many user can be added to a unix single group. I need this for unix and solaris. BRs -----Post Update----- I'm asking about secondary group and not primary group. All the users are having 8 character as their username. value is set for getconf LINE_MAX is... (1 Reply)
Discussion started by: maestromani
1 Replies

3. UNIX for Dummies Questions & Answers

change user> to user@host> ssh prompt

Hi, I was wondering how to change the prompt for my ssh login. At the moment it is like user> while I'd like it to be as user@host> It is in the .bash_profile or .ssh ??? Thanks (2 Replies)
Discussion started by: pmasterkim
2 Replies

4. UNIX for Advanced & Expert Users

Help! How to find the local host after few ssh hops to remote host???

I do a ssh to remote host(A1) from local host(L1). I then ssh to another remote(A2) from A1. When I do a who -m from A2, I see the "connected from" as "A1". => who -m userid pts/2 2010-03-27 08:47 (A1) I want to identify who is the local host who initiated the connection to... (3 Replies)
Discussion started by: gomes1333
3 Replies

5. HP-UX

How can I find the size of files added to a folder after a particular date

Hi, I want to find the size of the files added to a folder after a certain date(say 1st of october), I know we can list the files which were created after a certain date , but is there anyway to find the total size of those files ? (3 Replies)
Discussion started by: alookachaloo
3 Replies

6. UNIX for Dummies Questions & Answers

Host file per user

Is anyone aware of a way of creating a local hosts file for a user? Getting a change made to /etc/hosts by our administrators takes about 4 weeks and a ridiculous amount of form filling for such a simple task, so was hoping I could have a locally controlled one for my user. Is such a thing... (0 Replies)
Discussion started by: dlam
0 Replies

7. Solaris

Why this message came when i added user in group?

Hi all, When I added one user in in this group hhs_gl6 following message got generated. -bash-3.00$ /usr/local/bin/sudo /usr/sbin/usermod -G hhs_gl6 vivek UX: /usr/sbin/usermod: hhs_gl6 name should be all lower case or numeric. However when I cheked the user in /etc/group file, the... (1 Reply)
Discussion started by: manalisharmabe
1 Replies

8. Red Hat

How to find which host a VM is running on?

We have quite a few Linux VMs running (several hundred). Some are running in VMware and some are running on Citrix XenServer. I know that it is possible, for example, to go into vSphere and search for the host name. But there are times where it is not found for whatever reason and I want to log... (0 Replies)
Discussion started by: keelba
0 Replies

9. Linux

Mount a newly added LUN on a GNU/Linux distro

Hi I am not familiar with the linux, but I was asked to create a file system on a LUN from the NetApp that was mapped to the linux server. The server is runing: uname -a Linux localhost.localdomain 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux and now... (6 Replies)
Discussion started by: fretagi
6 Replies

LEARN ABOUT OSF1

syslog.conf

syslog.conf(4)						     Kernel Interfaces Manual						    syslog.conf(4)

NAME

       syslog.conf - syslogd configuration file

SYNOPSIS

       facility.severity	     destination  Where: Is part of the system generating the message, specified in /usr/include/sys/syslog_pri.h.
       See also the syslogd(8) reference page.	The severity level, which can be emerg, alert, crit, err, warning, notice, info,  or  debug.   See
       /usr/include/sys/syslog_pri.h.

	      The  syslogd  daemon  logs  all  messages of the specified severity level plus all messages of greater severity. For example, if you
	      specify level err, all messages of levels err, crit, alert, and emerg or panic are logged.  A local file pathname to a log  file,  a
	      host  name  for  remote logging or a list of users.  In the latter case the users will receive messages when they are logged in.	An
	      asterisk (*) causes a message to be sent to all users who are currently logged in.

DESCRIPTION

       The /etc/syslog.conf file is a system file that enables you to configure or filter events that are to be logged by syslogd. You can specify
       more than one facility and its severity level by separating them with semicolons.

       You can specify more than one facility logs to the same file by separating the facilities with commas, as shown in the EXAMPLES section.

       The  syslogd  daemon ignores blank lines and lines that begin with an octothorpe (#). You can specify # as the first character in a line to
       include comments in the file or to disable an entry. The facility and severity level are separated from the destination by one or more  tab
       characters.

       If  you	want the syslogd daemon to use a configuration file other than the default, you must specify the file name with the following com-
       mand: # syslogd -f config_file

   Daily Log Files
       You can specify in the /etc/syslog.conf file that the syslogd daemon create daily log files. To create daily log files, use  the  following
       syntax  to specify the path name of the message destination: /var/adm/syslog.dated/ { file} The file variable specifies the name of the log
       file, for example, mail.log or kern.log.  If you specify a /var/adm/syslog.dated/file path name destination, each day  the  syslogd  daemon
       creates	a  sub-directory  under  the  /var/adm/syslog.dated  directory	and  a	log file in the sub-directory, using the following syntax:
       /var/adm/syslog.dated/ date / file Where: The date variable specifies the day, month, and time that the log file  was  created.	 The  file
       variable  specifies  the name of the log file you previously specified in the /etc/syslog.conf file.  The syslogd daemon automatically cre-
       ates a new date directory every 24 hours and also when you boot the system. The current directory is a link to the latest  date	directory.
       To get the latest logs, you only need to reference the /var/adm/syslog.dated/current directory.

EXAMPLES

       The  following  is  a  sample /etc/syslog.conf file: # # syslogd config file # # facilities: kern user mail daemon auth syslog lpr binary #
       priorities: emerg  alert  crit  err  warning  notice  info  debug  #  kern.debug  /var/adm/syslog.dated/kern.log  user.debug  /var/adm/sys-
       log.dated/user.log  daemon.debug  /var/adm/syslog.dated/daemon.log  auth.crit;syslog.debug  /var/adm/syslog.dated/syslog.log mail,lpr.debug
       /var/adm/syslog.dated/misc.log msgbuf.err /var/adm/crash.dated/msgbuf.savecore kern.debug /var/adm/messages kern.debug /dev/console *.emerg
       *

FILES

       /etc/syslog.conf
       /etc/syslog.auth - Authorization file for remote logging.
       /usr/include/sys/syslog_pri.h - Common components of a syslog event log record.

RELATED INFORMATION

       Commands: /usr/sbin/syslogd(8), /usr/sbin/binlogd(8)

       System Administration delim off

																    syslog.conf(4)
All times are GMT -4. The time now is 07:45 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy