Is there a way to find when a user is added in Linux host?
Post 302886867 by rbatte1 on Tuesday 4th of February 2014 05:12:26 AM
I renamed the executables for useradd, usermod, userdel, passwd, etc. to have suffix .supplied. I then created a script /usr/bin/audit_logger with the below:-
Code:
#!/bin/ksh
# This interceptor script simply logs usage to syslog and the return code
#
# The original command is then passed through to the saved version

who am i | read userid PTS rest
/usr/bin/logger "on $PTS as `id -un` running \"$0 $@\""
echo "`date` : $userid as `id -un` running \"$0 $@\"" >> /sec/auditlog
$0.supplied "$@"
RC=$?
/usr/bin/logger "on $PTS as `id -un` finished \"$0 $@\" RC=$RC"
echo "`date` : $userid as `id -un` finished \"$0 $@\" RC=$RC" >> /sec/auditlog
exit $RC

When hard-linked to replace the original names, this writes messages to the syslog and off to the remote syslog collector because we have an entry in /etc/syslog.conf (or /etc/rsyslog.conf):
Code:
*.debug           @aaa.bbb.ccc.ddd               # Sends all debug to syslog collector at IP address


I hope that this is useful. It's not too clever, and you will need to check that it is kept in place. It writes to the syslog with the logger command, but because this can be lost when it gets to your normal limits, we have a permanent log file locally too in /sec/auditlog.

As we have recently outsourced our user admin, this is invaluable for tracing what they are doing and why, and can be audited to trace back to authorised requests. It's not our preference, but dictated by our parent company, yet we still retain the legal responsibility for the servers and the protection of the sensitive personal and financial data they contain.

The security admin staff are trapped in simple menus to keep them away from the command line.

We have this on AIX, HP-UX & RHEL. If you don't have ksh I'm sure that the conversion to bash will be pretty simple.



Robin
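
The post says the interceptor has to be checked to confirm it is kept in place. One way to run that check, as an added example that is not part of the original post: the `audit_logger` name and `.supplied` suffix come from the post, while the function names, status words and sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# check_interceptors LOGGER CMD_PATH...
# Confirms each wrapped command is still a hard link to the interceptor and
# that its renamed original (CMD_PATH.supplied) is still executable.
# Prints one line per problem; returns 0 when all are intact, 1 otherwise.
check_interceptors() {
    logger_path=$1; shift
    [ -x "$logger_path" ] || { echo "MISSING-INTERCEPTOR $logger_path"; return 1; }
    bad=0
    for cmd in "$@"; do
        # -ef is true only when both names exist and refer to the same file
        if ! [ "$cmd" -ef "$logger_path" ]; then
            echo "NOT-INTERCEPTED $cmd is not a hard link to $logger_path"
            bad=1
        fi
        if [ ! -x "$cmd.supplied" ]; then
            echo "NO-ORIGINAL $cmd.supplied is missing or not executable"
            bad=1
        fi
    done
    return $bad
}

# Constructed sandbox standing in for the real directories (assumption: a real
# run passes /usr/bin/audit_logger and the full paths of the wrapped commands).
make_sandbox() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/audit_logger"; chmod +x "$d/audit_logger"
    for c in useradd usermod userdel; do
        printf '#!/bin/sh\n' > "$d/$c.supplied"; chmod +x "$d/$c.supplied"
        ln "$d/audit_logger" "$d/$c"
    done
    echo "$d"
}

demo() {
    d=$(make_sandbox) || return 1
    # Simulate a package update writing the vendor binary back over usermod.
    rm "$d/usermod"; cp "$d/usermod.supplied" "$d/usermod"
    # Simulate the saved original for userdel going missing.
    rm "$d/userdel.supplied"
    check_interceptors "$d/audit_logger" "$d/useradd" "$d/usermod" "$d/userdel" \
        || echo "RESULT interceptor check failed"
    rm -rf "$d"
}
demo
```

Run from cron or a monitoring agent, a non-zero return from `check_interceptors` means at least one command is no longer being logged or can no longer be passed through.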
 
