Originally posted by: pacynka
A few ideas which may help you:
>> Users who have logged into AIX Server with time frame with their IP Address
command: last
>> Failed login attempts on AIX Server
check via syslog or some script using lsuser and attributes like time_last_unsuccessful_login, host_last_unsuccessful_login, unsuccessful_login_count, etc.
>> Which file they have changed with modification date & contents of the file that has been modified
No idea if there's an AIX tool for that purpose, but there's a bunch of software that will do more or less what you want. I've used samhain for a test and it seems fine, but it didn't check content, only timestamps.
Another thing that might help you monitor activity on servers: you can record commands executed during sessions with e.g. bash history facilities and global variables like HISTFILE, etc.
#AIX-Forum
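
Added example (not part of the original post): one way to script the lsuser check for failed logins mentioned above. The function names, the threshold argument and the sample input are assumptions made for illustration; the sample lines are constructed, not taken from a real server.

```shell
#!/bin/sh
# Report accounts whose failed-login counter is at or above a threshold.
# Expected input: output of
#   lsuser -a unsuccessful_login_count time_last_unsuccessful_login \
#          host_last_unsuccessful_login ALL
# i.e. one line per user: "name attr=value attr=value ..."
# Attributes that are not set for a user are simply missing from its line.

failed_logins() {
    # $1 = minimum unsuccessful_login_count to report (assumed default: 1)
    awk -v min="${1:-1}" '
    {
        user = $1; count = 0; when = "-"; host = "-"
        # Parse attributes by name so order and missing fields do not matter.
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key == "unsuccessful_login_count") count = val + 0
            else if (key == "time_last_unsuccessful_login") when = val
            else if (key == "host_last_unsuccessful_login") host = val
        }
        # Output columns: count, user, time of last failure (epoch seconds), source host
        if (count >= min) printf "%d %s %s %s\n", count, user, when, host
    }' | sort -k1,1nr
}

# Constructed sample input so the function can be tried off-box.
sample_lsuser_output() {
    cat <<'EOF'
root unsuccessful_login_count=0 time_last_unsuccessful_login=1700000000 host_last_unsuccessful_login=10.0.0.5
alice unsuccessful_login_count=7 time_last_unsuccessful_login=1700003600 host_last_unsuccessful_login=192.0.2.10
bob
carol host_last_unsuccessful_login=198.51.100.4 unsuccessful_login_count=2
EOF
}

# Demo on the constructed sample; on AIX, pipe the real lsuser output instead:
#   lsuser -a unsuccessful_login_count time_last_unsuccessful_login \
#          host_last_unsuccessful_login ALL | failed_logins 3
sample_lsuser_output | failed_logins 1
```

The counter only shows the state since it was last reset (a successful login normally clears it), so run the report on a schedule and keep the output if you need history.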