Login or Register to Ask a Question and Join Our Community


Solaris

I need to audit users on a Solaris box

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris I need to audit users on a Solaris box
# 1  
Old 02-28-2006
I need to audit users on a Solaris box
Is there a command to find out all the commands ran by a certain user id?

TiA
# 2  
Old 02-28-2006
You would need to have process accounting enabled to do this.

Have a look at the documentation for acct.
# 3  
Old 02-28-2006
Thanks. I'm not sure what what accounting is... but I just grepped the syslog for the username. Not exactly the quickest way but it worked. I'll have to research the other thing.
# 4  
Old 02-28-2006
We have turned on accounting to track user commands and there is a lot of overhead.. but it meets requirements.
If you have the capability to keep the user from updating their login parameters, you can force the history for only that person via a login profile.

for example, force the login to ksh and then use the set -o emacs command
this will put all the commands they execute into their .sh_history file. Which you can then view.
# 5  
Old 03-02-2006
Quote:
Originally Posted by PapaPark
Is there a command to find out all the commands ran by a certain user id?

TiA
If you can login as root then do the following steps:

# su - <unix-id>

where <unix-id> is the unix user id of that particular user you want to find out. Then type

# history

You can be able to see what commands he typed when he last logged in


Otherwise go to the user's home directory and look into history files which are usually hidden. They might be .sh_history, .bash_history etc....


com2com
# 6  
Old 03-07-2007
Quote:
Originally Posted by PapaPark
Is there a command to find out all the commands ran by a certain user id?
Yes, this functionality is provided in Solaris auditing. You can check out this page on how to enable and configure it, and this on how to setup auditing of shell activity.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

2. Shell Programming and Scripting

Create new users in DMZ box using script

I remote to many DMZ boxes every day to run batch file that allows me to create users. I create users in 17 DMZ boxes every day which takes a lot of my time. Is there any script that would do this job from my local computer? Thank you for your help! (3 Replies)
Discussion started by: idiazza
3 Replies

3. Shell Programming and Scripting

Setting environmental variable for all the users in the box

Hi, I have Sun solaris x64 box in which i need to set a Environment variable for all the users in the box. This Environment varible is used by the application on the box. Could any one please help me in setting the Environment variable. Thanks, Firestar (6 Replies)
Discussion started by: firestar
6 Replies

4. UNIX for Advanced & Expert Users

audit user commands of different users under root account

Hi, I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
Discussion started by: pointgetter0
6 Replies

5. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

6. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

7. AIX

AIX audit users activity

Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
Discussion started by: daveisme
9 Replies

8. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

9. AIX

turn on audit for all users

hi all, the audit /etc/security/audit/config file is only referring one user at a time. how do you specify all users to be monitored? I've tried ALL = general but got error when invoke "audit start". thanks (1 Reply)
Discussion started by: itik
1 Replies

10. UNIX for Dummies Questions & Answers

difference between AIX box and Sun Solaris box

Hi, I need a clarification. Is there any difference between AIX box and Sun Solaris box? The bzip command with -c option works in AIX box and the same does not work in Sun Solaris box. Can anyone please explain if there is an implementation difference in both these boxes for the shell... (1 Reply)
Discussion started by: nisha4680
1 Replies
Login or Register to Ask a Question