03-01-2006
Finger is available in AIX. If they are currently logged in multiple times, you'll see multiple instances in the output, and it will show where they are logged in from. This information is coming from (I'm pretty sure) the wtmp file, the file you read with 'last', so 'last' will get you the same information, not only on current users, but on previous logins.
I get the feeling, however, this isn't really what you want either.
In Solaris, you can run inetd with a "-t" (trace) option. In AIX (I've never done this) there is a "-d" option which appears to be similar. Solaris's -t will log every single connection that is made to any port that inetd is listening to (logs to syslog). This would show you even attempts that are aborted (i.e. someone telnets and then exits out of the telnet command before even attempting to login, etc.). This would log everything that goes through inetd, not just telnets and rlogins.
There isn't a good way, however, to connect the output of inetd's with other things like shell histories.
I suppose, alternatively, you could do a netstat periodically and save it to a file. It would be a mess to pick through. Typically, ports when they close go into a FIN_WAIT status for like 5 minutes, so every 5 minutes or so should work.
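The periodic netstat snapshot suggested in the post above, as an added example that is not part of the original post: it keeps only connections to the telnet (23) and rlogin (513) ports and logs just the ones not seen in the previous snapshot, so the file stays readable. The function names, file paths and sample lines are assumptions, and the parsing assumes AIX/Solaris-style `netstat -an` addresses where the port is the last dot-separated field.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical.
# Assumes netstat -an prints addresses as host.port (e.g. 10.1.1.5.23).

# filter_logins: read netstat -an text on stdin and print
# "remote_addr local_port state" for telnet (23) and rlogin (513) connections.
filter_logins() {
    awk '
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
            n = split($4, l, ".")      # $4 is the local address.port
            port = l[n]
            if (port == "23" || port == "513")
                print $5, port, $6
        }' | sort -u
}

# log_new_logins STATEFILE LOGFILE: compare the snapshot on stdin with the
# previous one in STATEFILE and append unseen connections to LOGFILE.
log_new_logins() {
    state=$1 log=$2
    cur="$state.new.$$"
    filter_logins > "$cur"
    [ -f "$state" ] || : > "$state"
    # comm -13 prints lines that are only in the current snapshot
    comm -13 "$state" "$cur" | while read -r remote port st; do
        printf '%s new connection from %s to port %s (%s)\n' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$remote" "$port" "$st" >> "$log"
    done
    mv "$cur" "$state"
}

# Constructed sample snapshot (not real output).
sample_snapshot() {
    cat <<'EOF'
tcp4       0      0  *.23               *.*                LISTEN
tcp4       0      0  10.1.1.5.23        10.1.1.77.40212    ESTABLISHED
tcp4       0      0  10.1.1.5.513       10.1.1.80.1021     FIN_WAIT_2
tcp4       0      0  10.1.1.5.22        10.1.1.90.51514    ESTABLISHED
EOF
}

# Real use, from cron every 5 minutes:
#   netstat -an | log_new_logins /var/tmp/logins.state /var/tmp/logins.log
```

A connection that opens and fully closes between two snapshots never appears in either, so the snapshot interval bounds what this can record.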