Track deleted OS user accounts

# 1  
Old 04-23-2010

Recently we've had a couple user accounts mysteriously disappear. Is there any way to track these accounts and determine who/how they were deleted?
# 2  
Old 04-23-2010
A few thoughts.

Can only root users delete accounts on your systems?
If not, are you using sudo to allow non-root users to remove accounts?

If only root users are allowed, if the user used smitty to remove the accounts the only place I know that this is logged is in the /smit.log file. If they used rmuser for instance I think you are out of luck other than maybe reviewing the shell history by looking at the .sh_history file, but unless you limit the root access with sudo then you probably won't be able to tell what user was logged in as root at the time.

If you can determine what day they were deleted (by looking at old backups or something) then maybe you could review the /var/adm/sulog file to see what users logged into the root account on that day.

If your users are using sudo and you have the logging feature turned on then you should be able to review the sudo logs.

At our side we have a wrapper script wrapped around the rmuser command and we log who uses that script.

Nothing concrete provided here but hopefully the info was helpful.
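
The /var/adm/sulog review suggested in the reply above, as an added example that is not part of the original thread. It assumes the usual sulog line layout (`SU MM/DD HH:MM +|- tty fromuser-touser`) and that the target account name contains no hyphen; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# List su attempts to root recorded in a sulog file for one day.
# Assumed line layout: SU MM/DD HH:MM +|- tty fromuser-touser
su_to_root_on() {
    day=$1                        # MM/DD, e.g. 04/21
    log=${2:-/var/adm/sulog}      # path named in the thread
    awk -v day="$day" '
        $1 == "SU" && $2 == day && NF >= 6 {
            # Split "from-to" on the LAST hyphen: the source user name
            # may itself contain "-" (assumes the target name does not).
            n = match($6, /-[^-]*$/)
            if (n == 0) next
            from = substr($6, 1, n - 1)
            to   = substr($6, n + 1)
            if (to != "root") next
            # "+" marks a successful su, "-" a failed attempt
            result = ($4 == "+") ? "ok" : "FAILED"
            print $3, $5, from, result
        }' "$log"
}

# Constructed sample data, not taken from the thread.
write_sample_sulog() {
    cat > "$1" <<'EOF'
SU 04/20 09:12 + pts/0 alice-root
SU 04/21 14:03 + pts/2 bob-root
SU 04/21 14:40 - pts/3 carol-root
SU 04/21 15:10 + pts/2 bob-oracle
SU 04/22 08:01 + pts/1 alice-root
EOF
}

# Run with "demo" as the first argument to try it on the sample data.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample_sulog "$tmp"
    su_to_root_on 04/21 "$tmp"
    rm -f "$tmp"
fi
```

Each output line gives the time, terminal, originating user and result; failed attempts are worth keeping in view because they show who tried to become root as well as who succeeded.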
# 3  
Old 04-23-2010

Yes, that will be helpful. Thanks.