Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User auditing from AIX server
Operating Systems AIX User auditing from AIX server Post 302907970 by Nagesh_1985 on Wednesday 2nd of July 2014 07:16:35 PM
Old 07-02-2014
Thanks for the reply..
the 'last' command works fine.

This is what i am trying to do.
Say, for example, an user logs into the AIX server from his local desktop via a putty session.
The user logs into his local desktop using his ID
I want to capture the logon and logoff time of the user into the AIX server.
And this has to be done from within the AIX server.

More like auditing user logons into AIX server.
 

10 More Discussions You Might Find Interesting

1. AIX

User Auditing

i want to audit user commands .. keep track of what commands each user has been giving .. can this be done by writing a script in engraving it in .profile of the user. or is there any other way of doing this ... rgds raj (2 Replies)
Discussion started by: rajesh_149
2 Replies

2. AIX

turning auditing on AIX 4.3

Hi, What's the best way to turn on the auditing in AIX 4.3? I'm in an environment where root password are shared with many users. Can sudoers member be audited properly? Thanks (1 Reply)
Discussion started by: itik
1 Replies

3. AIX

user cannot login into AIX-6.1 server

Dear Friends , I got a problem In our AIX 6.1 server . When I start or restart the machine I cannot Login the server . It shows a dialog box and shows some comments , those are : >> The DT messaging system could not be started . To correct the problem : 1. Choose to return the login... (1 Reply)
Discussion started by: shipon_97
1 Replies

4. Shell Programming and Scripting

user auditing

Hello, is there some way to track what shell commands some user is executing ? Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ... I have 2.6.13-1.1526_FC4smp (9 Replies)
Discussion started by: tonijel
9 Replies

5. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

6. AIX

AIX Auditing problam

i have sucessfully enable the auditing on AIX with adding som onjects. but when i go for auditpr -v < /audit/trail vlets say i reset audit at last dat 5 pm auditpr -v < /audit/trail will show up to last day 5 pm. i have to reset audit every time to check latest logs. please... (3 Replies)
Discussion started by: prashantjain07
3 Replies

7. AIX

Help me! AUDITING AIX

Hi All, i've a problem on a AIX server with audit config... when i start the audit i receive this error: root@****:/etc/security/audit > /usr/sbin/audit start Audit start cleanup: The system call does not exist on this system. ** failed setting kernel audit objects I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies

8. AIX

AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system? regards (2 Replies)
Discussion started by: bongo
2 Replies

9. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

10. AIX

Configure AIX server to send logs and auditing to Qradar

Hi All I need your help to configure Aix to send logs to Qradar, I did all the methods that mentioned in IBM website and no use, Plz Help,, The Logs should I receive from Aix and display in Qradar is (create user delete user changing in privileges....etc ) my skype account khaled_ly84 ... (4 Replies)
Discussion started by: khaled_ly84
4 Replies

LEARN ABOUT X11R4

pam_systemd

PAM_SYSTEMD(8)							    pam_systemd 						    PAM_SYSTEMD(8)

NAME

       pam_systemd - Register user sessions in the systemd login manager

SYNOPSIS

       pam_systemd.so

DESCRIPTION

       pam_systemd registers user sessions with the systemd login manager systemd-logind.service(8), and hence the systemd control group
       hierarchy.

       On login, this module -- in conjunction with systemd-logind.service -- ensures the following:

	1. If it does not exist yet, the user runtime directory /run/user/$UID is either created or mounted as new "tmpfs" file system with quota
	   applied, and its ownership changed to the user that is logging in.

	2. The $XDG_SESSION_ID environment variable is initialized. If auditing is available and pam_loginuid.so was run before this module (which
	   is highly recommended), the variable is initialized from the auditing session id (/proc/self/sessionid). Otherwise, an independent
	   session counter is used.

	3. A new systemd scope unit is created for the session. If this is the first concurrent session of the user, an implicit per-user slice
	   unit below user.slice is automatically created and the scope placed into it. An instance of the system service user@.service, which
	   runs the systemd user manager instance, is started.

       On logout, this module ensures the following:

	1. If enabled in logind.conf(5) (KillUserProcesses=), all processes of the session are terminated. If the last concurrent session of a
	   user ends, the user's systemd instance will be terminated too, and so will the user's slice unit.

	2. If the last concurrent session of a user ends, the user runtime directory /run/user/$UID and all its contents are removed, too.

       If the system was not booted up with systemd as init system, this module does nothing and immediately returns PAM_SUCCESS.

OPTIONS

       The following options are understood:

       class=
	   Takes a string argument which sets the session class. The XDG_SESSION_CLASS environmental variable takes precedence. One of "user",
	   "greeter", "lock-screen" or "background". See sd_session_get_class(3) for details about the session class.

       type=
	   Takes a string argument which sets the session type. The XDG_SESSION_TYPE environmental variable takes precedence. One of
	   "unspecified", "tty", "x11", "wayland" or "mir". See sd_session_get_type(3) for details about the session type.

       debug[=]
	   Takes an optional boolean argument. If yes or without the argument, the module will log debugging information as it operates.

MODULE TYPES PROVIDED

       Only session is provided.

ENVIRONMENT

       The following environment variables are set for the processes of the user's session:

       $XDG_SESSION_ID
	   A session identifier, suitable to be used in filenames. The string itself should be considered opaque, although often it is just the
	   audit session ID as reported by /proc/self/sessionid. Each ID will be assigned only once during machine uptime. It may hence be used to
	   uniquely label files or other resources of this session.

       $XDG_RUNTIME_DIR
	   Path to a user-private user-writable directory that is bound to the user login time on the machine. It is automatically created the
	   first time a user logs in and removed on the user's final logout. If a user logs in twice at the same time, both sessions will see the
	   same $XDG_RUNTIME_DIR and the same contents. If a user logs in once, then logs out again, and logs in again, the directory contents
	   will have been lost in between, but applications should not rely on this behavior and must be able to deal with stale files. To store
	   session-private data in this directory, the user should include the value of $XDG_SESSION_ID in the filename. This directory shall be
	   used for runtime file system objects such as AF_UNIX sockets, FIFOs, PID files and similar. It is guaranteed that this directory is
	   local and offers the greatest possible file system feature set the operating system provides. For further details, see the XDG Base
	   Directory Specification[1].	$XDG_RUNTIME_DIR is not set if the current user is not the original user of the session.

       The following environment variables are read by the module and may be used by the PAM service to pass metadata to the module:

       $XDG_SESSION_TYPE
	   The session type. This may be used instead of session= on the module parameter line, and is usually preferred.

       $XDG_SESSION_CLASS
	   The session class. This may be used instead of class= on the module parameter line, and is usually preferred.

       $XDG_SESSION_DESKTOP
	   A single, short identifier string for the desktop environment. This may be used to indicate the session desktop used, where this
	   applies and if this information is available. For example: "GNOME", or "KDE". It is recommended to use the same identifiers and
	   capitalization as for $XDG_CURRENT_DESKTOP, as defined by the Desktop Entry Specification[2]. (However, note that $XDG_SESSION_DESKTOP
	   only takes a single item, and not a colon-separated list like $XDG_CURRENT_DESKTOP.) See sd_session_get_desktop(3) for more details.

       $XDG_SEAT
	   The seat name the session shall be registered for, if any.

       $XDG_VTNR
	   The VT number the session shall be registered for, if any. (Only applies to seats with a VT available, such as "seat0")

EXAMPLE

	   #%PAM-1.0
	   auth       required	   pam_unix.so
	   auth       required	   pam_nologin.so
	   account    required	   pam_unix.so
	   password   required	   pam_unix.so
	   session    required	   pam_unix.so
	   session    required	   pam_loginuid.so
	   session    required	   pam_systemd.so

SEE ALSO

       systemd(1), systemd-logind.service(8), logind.conf(5), loginctl(1), pam.conf(5), pam.d(5), pam(8), pam_loginuid(8), systemd.scope(5),
       systemd.slice(5), systemd.service(5)

NOTES

	1. XDG Base Directory Specification
	   http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

	2. Desktop Entry Specification
	   http://standards.freedesktop.org/desktop-entry-spec/latest/

systemd 237															    PAM_SYSTEMD(8)
All times are GMT -4. The time now is 05:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy