How to track user activity?


 
# 1  
Old 04-18-2013
How to track user activity?

Hi All

Please can you help me with the following issue:

A certain vendor installed an application in which, for a user to log in, the user must use a user created/predefined by the application. And because this application has more than one user, it's difficult to track who did what and when, because everybody logs in with the same username.
What I did was to create individual users and copy the main application user profile to these users, but this never worked properly.
Please can you give some other ways to overcome this problem?

FR
# 2  
Old 04-18-2013
So, are they defined individually on the operating system or just within the application? You don't give much of a clue as to how they access it. Is it a telnet/ssh application or some sort of browser-based offering?




Robin
Liverpool/Blackburn
UK
# 3  
Old 04-18-2013
How to track user activity

Hi!

They are defined individually on the operating system, and they are using PuTTY (ssh or telnet).

FR
# 4  
Old 04-18-2013
So, assuming that they have individual OS accounts, you should be able to see processes using variations of the ps command. Beyond that, you will have to discuss this with your software vendor. They may well have internal logging in place.

What sort of information are you after? If it is just "When were they last logged on?" there are easy ways, such as the last command. If it is "What was the last value they altered within the application?" then that's a little bit bigger and it depends what logging is built in.


If they all share one OS login account, then that's a pretty bad design. You may be able to get some idea based on the address they connect from, but then the application logs will likely just all be a mush.


Robin
Liverpool/Blackburn
# 5  
Old 04-18-2013
How to track user activity

The issue is that management do not want people sharing passwords...
Yes, we can use the last command, but if one of them breaks the system, we will not know, because everybody is using the same username and same password...
# 6  
Old 04-18-2013
So, at least there is good management that they do not want people sharing an account. Can we assume that the passwords expire regularly too?

Anyway, a good trick to introduce is to edit the central profile that everyone runs as they log in. If you have /etc/profile.d, then create your own (world read/executable) script in there, but if not edit /etc/profile. You should read it carefully and add something like this where it will be run by everyone (e.g. before they are trapped in the application):-
Code:
#!/bin/ksh
who -u am i 2>/dev/null |\
        read realuser term a b c d e source        # get login user & IP/DNS
echo "`date +%Y_%m_%d@%H_%M_%S` $realuser $term $source">>/sec/loginlog/`id -un`
unset realuser term rest a b c d e source

.... and create a world writeable directory /sec/loginlog. The action of login will now write a history of usage and log the source in a file matching the userid. A periodic review of the files will point out if:-
  1. An account is not being used (file not created/updated)
  2. An account is being shared (multiple login sources)
  3. An account is being switched to by su (the username listed doesn't match the filename)


Does this address what you are looking for? I have had successful detections and can use it in reverse to placate auditors that all is well when there are no concerns.

Of course, this might prove more difficult if there is a NAT involved or some sort of remote desktop (e.g. Citrix) where the source IP address may not be static.



I hope that this helps.

Robin
Liverpool/Blackburn
UK
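
The periodic review described in the post above, as an added example that is not part of the original thread: a shell function that reads the files in the log directory and reports the three conditions listed. It assumes the line format written by the hook's echo; the function names, the cutoff argument and the sample accounts and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): review the files the login hook writes.
# Assumed line format, taken from the hook's echo: "<stamp> <realuser> <term> <source>"
# Usage: review_loginlog DIR CUTOFF   (CUTOFF in the hook's date format, e.g. 2013_04_01)
review_loginlog() {
    dir=$1; cutoff=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        acct=${f##*/}                      # file name is the account (id -un)
        awk -v acct="$acct" -v cutoff="$cutoff" '
            NF < 2 { next }                # skip blank or damaged lines
            {
                src = (NF >= 4 ? $4 : "(local)")   # console logins have no source
                if ($1 > last) last = $1           # stamps sort as plain strings
                if (!(src in seen)) {
                    seen[src] = 1; nsrc++
                    srcs = srcs (srcs == "" ? "" : ",") src
                }
                if ($2 != acct && !($2 in su)) {   # login user differs from account
                    su[$2] = 1
                    sus = sus (sus == "" ? "" : ",") $2
                }
            }
            END {
                if (last < cutoff) print "UNUSED " acct " last=" (last == "" ? "never" : last)
                if (nsrc > 1)      print "SHARED " acct " sources=" srcs
                if (sus != "")     print "SU " acct " from=" sus
            }' "$f"
    done
}

# Constructed sample data (hypothetical accounts and addresses) for a dry run.
make_sample_logs() {
    mkdir -p "$1" || return 1
    printf '%s\n' '2013_04_17@08_59_10 alice pts/3 (10.1.1.20)' \
                  '2013_04_18@09_02_44 alice pts/1 (10.1.1.20)' > "$1/alice"
    printf '%s\n' '2013_04_18@09_15_02 appuser pts/4 (10.1.1.20)' \
                  '2013_04_18@09_40_31 appuser pts/5 (10.1.1.37)' \
                  '2013_04_18@10_05_00 bob pts/6 (10.1.1.37)' > "$1/appuser"
    printf '%s\n' '2013_01_05@11_00_00 carol pts/2 (10.1.1.52)' > "$1/carol"
}
```

Because the log directory is world writeable, users can alter their own files, so the output is an indicator to follow up on rather than proof.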
# 7  
Old 04-18-2013
How to track user activity

Hi Robin!

Thanks again, but I am a bit reluctant to edit the application main user as the vendor might complain... but I will try and test this scenario on a test environment.

FR
 