AIX: How to find down who enter a command?


 
# 8  
Old 07-10-2014
Quote:
Originally Posted by bobochacha29
I can get the PPID of the process, but how do I get the detailed information from that PPID? For example, I know the process's user is "guest" and the process's PPID is 1000000, but there are 2 people using user "guest" from 2 different IPs. So how do I know which person (IP) began the process?
Code:
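# TTY of PID 1000000: column 6 of ps -f (column 7 if STIME is a date such as "Jul 10")
term=`ps -fp 1000000 | awk '{t=$6} END {print t}'`
# find that terminal in who -u, which also lists the remote host
who -u | grep -w "$term"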

This User Gave Thanks to MadeInGermany For This Post:
# 9  
Old 07-10-2014
Quote:
Originally Posted by bakunin
With the PPID and the PID you can reconstruct "trees" of processes. Here is an example: a user types "ls" on the commandline. The following has happened:

The "login"-process has started a login-shell for that user. Because this shell is attached to a (maybe virtual) terminal you can distinguish separate sessions of the same user. They will differ in the terminal they use. This shell now starts another process, "ls".

Searching the process list for the user will give you some entries including the "ls" process. Read the PPID field and search the list again for a process having this process number in the PID field. This is the process which has started the "ls"-process - the shell it was started from. With the process information from this shell you find out which session of the user originated the process.

I hope this helps.

bakunin

Quote:
Originally Posted by MadeInGermany
Code:
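# TTY of PID 1000000: column 6 of ps -f (column 7 if STIME is a date such as "Jul 10")
term=`ps -fp 1000000 | awk '{t=$6} END {print t}'`
# find that terminal in who -u, which also lists the remote host
who -u | grep -w "$term"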


Done
Thanks a lot
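
The tree walk bakunin describes, combined with the `who -u` lookup, as an added example that is not part of the original thread: it climbs the PPID chain from any process (including one that has detached from its terminal) to the first ancestor with a TTY, then matches that TTY to a login session and its remote host. The function names `find_tty` and `session_of` and the sample `ps`/`who` text are constructed for illustration, and the `ps -o` field list in the last comment is an assumption about the target system.

```shell
#!/bin/sh
# Constructed sample of `ps -e -o pid= -o ppid= -o tty=` (not real data).
SAMPLE_PS='1 0 -
2000 1 -
3100 2000 -
3101 3100 pts/0
3200 2000 -
3201 3200 pts/1
4242 3201 pts/1
5000 4242 -'
# Constructed sample of `who -u`: name, line, time, idle, PID, (host).
SAMPLE_WHO='guest pts/0 Jul 10 09:12 . 3101 (192.0.2.10)
guest pts/1 Jul 10 09:30 . 3201 (192.0.2.77)'

# find_tty PID PS_TEXT: climb the PPID chain until a process has a terminal.
find_tty() {
    printf '%s\n' "$2" | awk -v start="$1" '
        { ppid[$1] = $2; tty[$1] = $3 }
        END {
            p = start
            # Stop at init (PID 1), at an unknown PID, or after 64 hops.
            for (hops = 0; hops < 64 && (p in tty) && p > 1; hops++) {
                if (tty[p] != "-" && tty[p] != "?") { print tty[p]; exit 0 }
                p = ppid[p]
            }
            exit 1
        }'
}

# session_of PID PS_TEXT WHO_TEXT: print "user tty host" for the login session.
session_of() {
    t=$(find_tty "$1" "$2") || return 1
    printf '%s\n' "$3" | awk -v t="$t" '
        $2 == t { print $1, $2, ($NF ~ /^\(/ ? $NF : "local"); found = 1 }
        END { exit !found }'
}

# Live use (assumes ps accepts these -o fields on the target system):
#   session_of 1000000 "$(ps -e -o pid= -o ppid= -o tty=)" "$(who -u)"
```

A non-zero exit status means no ancestor had a terminal or the session has already logged out, in which case only historical records such as the audit trail can answer the question.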
# 10  
Old 07-10-2014
What about auditing and its logs? I would use auditing records and would regularly map the IPs of incoming sessions to their PIDs (lsof) ... then compare the audit PID actions with the lsof records to get the answer to who has done what (based on knowledge of the mapping of users to IPs).