Auditing User's actions Post: 96357

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

see user's actions from another terminal

I would like to know if there is a way to see what a user is doing from another terminal. I want to be able to see exactly what they see on their terminal. Is that possible ?

2. AIX

Auditing User administrator

Background: I a trying to audit user administration on a AIX box. I am trying to make sure that any changes made by the System administrator to the user accounts (Add users, changing their attributes or deleting users) are accompanied by authorization i.e. the system admin does not make any...

3. AIX

User Auditing

i want to audit user commands .. keep track of what commands each user has been giving .. can this be done by writing a script in engraving it in .profile of the user. or is there any other way of doing this ... rgds raj

4. Solaris

Tracing a user and logging his actions

Dear All, I want to enable the tracing for a user and logging all things he do in a log file.......... Thaaanks

5. Shell Programming and Scripting

Script for Oracle user activity auditing

Hi All, I need to put in place a UNIX shell script that calls three sql scripts & reports to the DBAs. I already have the three sql scripts in place & they perform the following database auditing actions: 1. actions.sql This script queries the DBA_AUDIT _TRAIL table to look for database user...

6. Shell Programming and Scripting

user auditing

Hello, is there some way to track what shell commands some user is executing ? Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ... I have 2.6.13-1.1526_FC4smp

7. Solaris

Solaris user auditing

Hello, I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" ) Thanks.

8. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks

9. Shell Programming and Scripting

Combining sed actions

Let's say I have an input file looking like: ID1 1 5 6 8 ID2 1 4 5 7 I'm trying to formulate a loop that can combine these actions: - If the line begins with a letter: replace the '\ n' after a field containing characters with a '\ t' (sed 's / \ n / \ t / g' ) - If the line...

LEARN ABOUT OSX

tc-actions

actions in tc(8)						       Linux							  actions in tc(8)

NAME

       actions - independently defined actions in tc

SYNOPSIS

       tc [ TC_OPTIONS ] actions add | change | replace ACTSPEC

       tc [ TC_OPTIONS ] actions get | delete ACTISPEC

       tc [ TC_OPTIONS ] actions flush ACTNAMESPEC

       tc [ TC_OPTIONS ] actions ls | list ACTNAMESPEC [ ACTFILTER ]

	       ACTSPEC := action ACTDETAIL [ INDEXSPEC ] [ COOKIESPEC ] [ CONTROL ]

	       ACTISPEC := ACTNAMESPEC INDEXSPEC

	       ACTNAMESPEC := action ACTNAME

	       INDEXSPEC := index INDEX

	       ACTFILTER := since MSTIME

	       COOKIESPEC := cookie COOKIE

	       ACTDETAIL := ACTNAME ACTPARAMS

	       ACTNAME may be any valid action type: gact, mirred, bpf, connmark, csum, police, etc.

	       MSTIME Time since last update.

	       CONTROL := { reclassify | pipe | drop | continue | ok }

	       TC_OPTIONS These are the options that are specific to tc and not only the options. Refer to tc(8) for more information.

DESCRIPTION

       The  actions object in tc allows a user to define actions independently of a classifier (filter). These actions can then be assigned to one
       or more filters, with any packets matching the classifier's criteria having that action performed on them.

       Each action type (mirred, police, etc.) will have its own table to store all created actions.

OPERATIONS

       add    Create a new action in that action's table.

       change
       replace
	      Make modifications to an existing action.

       get    Display the action with the specified index value. When combined with the -s option for tc, display the statistics for that action.

       delete Delete the action with the specified index value. If the action is already associated with a classifier,	it  does  not  delete  the
	      classifier.

       ls
       list   List  all the actions in the specified table. When combined with the -s option for tc, display the statistics for all actions in the
	      specified table.	When combined with the option since allows doing a millisecond time-filter since the last time an action was  used
	      in the datapath.

       flush  Delete all actions stored in the specified table.

ACTION OPTIONS

       Note that these options are available to all action types.

       index INDEX
	      Specify the table index value of an action.  INDEX is a 32-bit value that is unique to the specific type of action referenced.

	      For add, change, and replace operations, the index is optional.  When adding a new action, specifying an index value will assign the
	      action to that index unless that index value has already been assigned. Omitting the index value for an add operation will cause the
	      kernel to assign a value to the new action.

	      For get and delete operations, the index is required to identify the specific action to be displayed or deleted.

       cookie COOKIE
	      In addition to the specific action, mark the matching packet with the value specified by COOKIE.	The COOKIE is a 128-bit value that
	      will not be interpreted by the kernel whatsoever.  As such, it can be used as a correlating value for maintaining user  state.   The
	      value to be stored is completely arbitrary and does not require a specific format. It is stored inside the action structure itself.

       since MSTIME
	      When  dumping  large  number of actions, a millisecond time-filter can be specified MSTIME.  The MSTIME is a millisecond count since
	      last time a packet hit the action.  As an example specifying "since 20000" implies to dump all actions that have seen packets in the
	      last  20	seconds.  This option is useful when the kernel has a large number of actions and you are only interested in recently used
	      actions.

       CONTROL
	      The CONTROL indicates how tc should proceed after executing the action. Any of the following are valid:

	      reclassify
		     Restart the classifiction by jumping back to the first filter attached to the action's parent.

	      pipe   Continue with the next action. This is the default control.

	      drop   Drop the packed without running any further actions.

	      continue
		     Continue the classification with the next filter.

	      pass   Return to the calling qdisc for packet processing, and end classification of this packet.

SEE ALSO

       tc(8), tc-bpf(8), tc-connmark(8), tc-csum(8), tc-ife(8), tc-mirred(8), tc-nat(8), tc-pedit(8), tc-police(8),  tc-simple(8),  tc-skbedit(8),
       tc-skbmod(8), tc-tunnel_key(8), tc-vlan(8), tc-xt(8)

iproute2							    1 Aug 2017							  actions in tc(8)