Check executed commands from remote hosts


 
# 1  
Old 10-06-2010
Check executed commands from remote hosts

Hello,

Is there any way to check which user and from which IP executed a command to the server? I need something like the history, but with information also from which IP the command was executed.

Thanks in advance
# 2  
Old 10-06-2010
I think the daemons keep a log, if you are talking about rsh and ssh. Of course, if they:

rsh your_host ksh <script

you just see ksh. Our ssh2 seems to use syslog(), so it is configuration dependent where what gets logged.
# 3  
Old 10-06-2010
Hi,

Thanks for your response. Sorry, I didn't mention it before, but I want to see commands executed on previous days.
Something like
#list -100 <username>
but with more details. I need to see not only when someone logged in but also what commands the user executed.
# 4  
Old 10-07-2010
Everyone that logs in, every command with user id and time(s)? That's a lot of writing for a modified kernel where exec is logging. I heard of a recovery system where they substituted a custom /lib/libc.* so all apps called their exec*() routines, which logged and then called the real exec*() routines by number using system() (ditto for open, read, write, seek, ... so they could restart processing).

Which IP is a different log of who logs in from where, when on what tty. What do you want to do with things run by cron, at, daemon servers, root and his buddies?

What happens if the log disk fills?

There are stats for command use, but I forget where.
# 5  
Old 10-07-2010
There is no need for a hacked kernel. Much more than what is asked for is already there with Solaris accounting and auditing capabilities.
28. Solaris Auditing (Overview) (System Administration Guide: Security Services) - Sun Microsystems

Should you really want to write a custom solution, a relatively simple dtrace script would do that job.
# 6  
Old 10-07-2010
Yes, I was speaking very generally, and this is the Solaris-specific forum. Does Solaris do all of who from where ran what how many times/seconds?
# 7  
Old 10-07-2010
Yes, it does do that.
Code:
>  acctadm -r
process:
extended pid,uid,gid,cpu,time,command,tty,projid,taskid,ancpid,wait-status,zone,flag,memory,mstate
basic    pid,uid,gid,cpu,time,command,tty,flag
task:
extended taskid,projid,cpu,time,host,mstate,anctaskid,zone
basic    taskid,projid,cpu,time
flow:
extended saddr,daddr,sport,dport,proto,dsfield,nbytes,npkts,action,ctime,lseen,projid,uid
basic    saddr,daddr,sport,dport,proto,nbytes,npkts,action

Note the process: extended and task: extended
The display kinda sucks but it is readable.

There are two possible "on" states: extended and basic
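
Added example, not posted by anyone in the thread: the process records listed above carry uid, tty, time and command but no remote address, while the login log holds who came from where on which tty, so answering the original question means joining the two on tty and time. The record layouts, sample data and function names below are constructed for illustration and are not the output format of any Solaris tool.

```python
from datetime import datetime

# Constructed login sessions: login user, tty, remote host, login, logout.
# Simplified layout for illustration, not the output of any real tool.
SESSIONS = """\
alice pts/1 192.0.2.10 2010-10-05T09:00 2010-10-05T09:45
bob pts/2 198.51.100.7 2010-10-05T09:30 2010-10-05T11:00
alice pts/1 203.0.113.5 2010-10-05T14:00 2010-10-05T14:20
"""

# Constructed process records: process user, tty, start time, command.
# "?" marks a process without a controlling terminal (cron, daemons).
PROCESSES = """\
alice pts/1 2010-10-05T09:10 vi
bob pts/1 2010-10-05T09:20 ksh
bob pts/2 2010-10-05T10:15 rm
root ? 2010-10-05T03:00 logadm
alice pts/1 2010-10-05T14:05 passwd
carol pts/3 2010-10-05T12:00 ls
"""

FMT = "%Y-%m-%dT%H:%M"

def parse_sessions(text):
    """Return a list of (tty, login_user, host, start, end) tuples."""
    sessions = []
    for line in text.splitlines():
        user, tty, host, start, end = line.split()
        sessions.append((tty, user, host,
                         datetime.strptime(start, FMT),
                         datetime.strptime(end, FMT)))
    return sessions

def attribute(sessions_text=SESSIONS, processes_text=PROCESSES):
    """Attach the login user and remote host to each process record."""
    sessions = parse_sessions(sessions_text)
    rows = []
    for line in processes_text.splitlines():
        proc_user, tty, start, command = line.split(None, 3)
        when = datetime.strptime(start, FMT)
        # Match on tty and time window only: after su the process user
        # differs from the user who logged in on that terminal.
        hit = next((s for s in sessions
                    if s[0] == tty and s[3] <= when <= s[4]), None)
        login_user, host = (hit[1], hit[2]) if hit else (None, None)
        rows.append((start, proc_user, command, login_user, host))
    return rows

if __name__ == "__main__": print(*attribute(), sep="\n")
```

Rows that come back with no host are the cases raised earlier in the thread (cron, daemons) or processes whose login record is missing, and are worth reviewing separately rather than discarding.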