AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
 View Only
Expand all | Collapse all

AIX file modification & Logged In Users.

  • 1.  AIX file modification & Logged In Users.

    Posted Mon December 19, 2011 03:50 AM

    Originally posted by: NNVyas


    Hello,

    I am using IBM AIX 5.3 OS release 16 on Power 520 Servers. I have installed "Oracle Application Server" on it & for website purpose.

    Now, I have provided oracle user access to another company,who is maintaining Oracle Web Server.

    So, I would like to know how to track their activity like,

    • User who have logged into AIX Server with time frame with their IP Address.

    • Failed login attempts on AIX Server.

    • Which file they have changed with modification date & contents of the file that has been modified.

    Is it possible to get all above 3 outputs in a simple txt file, so that i can import it & make hard copy print.

    I am doing this exercise for my internal audit purpose only.

    Please help.
    #AIX-Forum


  • 2.  Re: AIX file modification & Logged In Users.

    Posted Wed December 28, 2011 01:56 AM

    Originally posted by: HemantRamparia


    Sudo Implementation can help you out.
    Using sudo you can restrict the user with the command that is required by the user.
    Also the login details are captured(however for getting the IP address from where the user is logged in you can create a script for getting the IP address).
    failed login can be found out from the following file. by typing the following command who -a /etc/security/failedlogin
    I am not sure about if sudo can capture changed with modification date & contents of the file that has been modified.
    Thanks and Regards
    Hemant
    #AIX-Forum


  • 3.  Re: AIX file modification & Logged In Users.

    Posted Wed December 28, 2011 01:52 PM

    Originally posted by: pacynka


    Few ideas which may help you:
    >> User who have logged into AIX Server with time frame with their IP Address
    command last

    >> Failed login attempts on AIX Server
    check via syslog or some script using lsuser and attributes like time_last_unsuccessful_login, host_last_unsuccessful_login, unsuccessful_login_count, etc.

    >> Which file they have changed with modification date & contents of the file that has been modified
    no idea if there`s aix tool for that purpose, but there`s a bunch of soft that will do more less what you want. I`ve used samhain for a test and seems fine, but it didn`t check content only timestamps.

    Other thing might help you to monitor activity on servers: you can record commands executed during sessions with eg. bash history facilities end global variables like HISTFILE, etc.
    #AIX-Forum