02-03-2014
The timestamp of the home-directory will only show the last modification of the directory, which is altered when an object within it (file, sub-directory, pipe etc.) is create/deleted/renamed etc. so just using ls -l ~someuser/ is unreliable.
Going forward, you could intercept the executable /usr/bin/useradd with your own script that writes to either a log file or the syslog. Looking for something that has already happened, you might get lucky if the operative used sudo and that will have been written to the syslog. Of course, it depends how long you keep your syslog.
We have intercepted the call to write logs and we also have a monthly reconciliation of new accounts against requests, so that narrows it down.
Unfortunately, being paranoid after an event does not mean that you can necessarily find the original action.
I hope that this helps,
Robin
Liverpool/Blackburn
UK
Last edited by rbatte1; 02-03-2014 at 12:31 PM..
Reason: Additional comment about "ls -l ~someuser" being unreliable
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
HI,
what is the command to find the host name with IP address.
is possible to find the host name of other boxes( having their ip) from the same box (assuming telnet to other box is possible from this)
Regards,
Ananda (1 Reply)
Discussion started by: ani_rvce
1 Replies
2. UNIX for Dummies Questions & Answers
Hi There,
How many user can be added to a unix single group. I need this for unix and solaris.
BRs
-----Post Update-----
I'm asking about secondary group and not primary group. All the users are having 8 character as their username.
value is set for getconf LINE_MAX is... (1 Reply)
Discussion started by: maestromani
1 Replies
3. UNIX for Dummies Questions & Answers
Hi, I was wondering how to change the prompt for my ssh login. At the moment it is like
user>
while I'd like it to be as
user@host>
It is in the .bash_profile or .ssh ??? Thanks (2 Replies)
Discussion started by: pmasterkim
2 Replies
4. UNIX for Advanced & Expert Users
I do a ssh to remote host(A1) from local host(L1). I then ssh to another remote(A2) from A1.
When I do a who -m from A2, I see the "connected from" as "A1".
=> who -m
userid pts/2 2010-03-27 08:47 (A1)
I want to identify who is the local host who initiated the connection to... (3 Replies)
Discussion started by: gomes1333
3 Replies
5. HP-UX
Hi,
I want to find the size of the files added to a folder after a certain date(say 1st of october), I know we can list the files which were created after a certain date , but is there anyway to find the total size of those files ? (3 Replies)
Discussion started by: alookachaloo
3 Replies
6. UNIX for Dummies Questions & Answers
Is anyone aware of a way of creating a local hosts file for a user?
Getting a change made to /etc/hosts by our administrators takes about 4 weeks and a ridiculous amount of form filling for such a simple task, so was hoping I could have a locally controlled one for my user.
Is such a thing... (0 Replies)
Discussion started by: dlam
0 Replies
7. Solaris
Hi all,
When I added one user in in this group hhs_gl6 following message got generated.
-bash-3.00$ /usr/local/bin/sudo /usr/sbin/usermod -G hhs_gl6 vivek
UX: /usr/sbin/usermod: hhs_gl6 name should be all lower case or numeric.
However when I cheked the user in /etc/group file, the... (1 Reply)
Discussion started by: manalisharmabe
1 Replies
8. Red Hat
We have quite a few Linux VMs running (several hundred). Some are running in VMware and some are running on Citrix XenServer.
I know that it is possible, for example, to go into vSphere and search for the host name. But there are times where it is not found for whatever reason and I want to log... (0 Replies)
Discussion started by: keelba
0 Replies
9. Linux
Hi
I am not familiar with the linux, but I was asked to create a file system on a LUN from the NetApp that was mapped to the linux server.
The server is runing:
uname -a
Linux localhost.localdomain 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
and now... (6 Replies)
Discussion started by: fretagi
6 Replies
LEARN ABOUT CENTOS
shell-quote
SHELL-QUOTE(1) User Contributed Perl Documentation SHELL-QUOTE(1)
NAME
shell-quote - quote arguments for safe use, unmodified in a shell command
SYNOPSIS
shell-quote [switch]... arg...
DESCRIPTION
shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell. This lets you process commands
or files with embedded white space or shell globbing characters safely. Here are a few examples.
EXAMPLES
ssh preserving args
When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives. It just joins them with spaces and
passes them to "$SHELL -c". This doesn't work as intended:
ssh host touch 'hi there' # fails
It creates 2 files, hi and there. Instead, do this:
cmd=`shell-quote touch 'hi there'`
ssh host "$cmd"
This gives you just 1 file, hi there.
process find output
It's not ordinarily possible to process an arbitrary list of files output by find with a shell script. Anything you put in $IFS to
split up the output could legitimately be in a file's name. Here's how you can do it using shell-quote:
eval set -- `find -type f -print0 | xargs -0 shell-quote --`
debug shell scripts
shell-quote is better than echo for debugging shell scripts.
debug() {
[ -z "$debug" ] || shell-quote "debug:" "$@"
}
With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.
save a command for later
shell-quote can be used to build up a shell command to run later. Say you want the user to be able to give you switches for a command
you're going to run. If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
things the user can't pass through), you can do something like this:
user_switches=
while [ $# != 0 ]
do
case x$1 in
x--pass-through)
[ $# -gt 1 ] || die "need an argument for $1"
user_switches="$user_switches "`shell-quote -- "$2"`
shift;;
# process other switches
esac
shift
done
# later
eval "shell-quote some-command $user_switches my args"
OPTIONS
--debug
Turn debugging on.
--help
Show the usage message and die.
--version
Show the version number and exit.
AVAILABILITY
The code is licensed under the GNU GPL. Check http://www.argon.org/~roderick/ or CPAN for updated versions.
AUTHOR
Roderick Schertler <roderick@argon.org>
perl v5.16.3 2010-06-11 SHELL-QUOTE(1)