HPE Community
Operating System - HP-UX
1822147 Members
4118 Online
109640 Solutions
New Discussion юеВ

How to track user logins and activities?

 
Joshua Goi
Frequent Advisor

тАО06-19-2005 08:12 PM

тАО06-19-2005 08:12 PM

How to track user logins and activities?

Hi,

Is there a way to check (any) user login and logout times? And also, to see what files did this user accessed during this time?

Thanks!
0 Kudos
Reply
11 REPLIES 11
Stf
Esteemed Contributor

тАО06-19-2005 08:14 PM - last edited on тАО07-18-2023 11:52 PM by

тАО06-19-2005 08:14 PM - last edited on тАО07-18-2023 11:52 PM by

Re: How to track user logins and activities?

you can have some information in /var/adm/syslog/syslog.log...

also look at this :

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=764349

Stf

[Moderator edit: The above link is no longer valid.]

0 Kudos
Reply
Joseph Loo
Honored Contributor

тАО06-19-2005 08:15 PM

тАО06-19-2005 08:15 PM

Re: How to track user logins and activities?

hi,

use last (for successful login duration) and lastb (bad logins) command.

to see what files users access, unless u have audit turn on, another way is .sh_history from each user's home directories.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Bharat Katkar
Honored Contributor

тАО06-19-2005 08:16 PM

тАО06-19-2005 08:16 PM

Re: How to track user logins and activities?

Hi,

Is there a way to check (any) user login and logout times?

For users currently logged in use:

# who -R

For history of the user login sessions use:

# last -R

For unsuccessful login attempts use:

# lastb -R

Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
Michael Selvesteen_2
Trusted Contributor

тАО06-19-2005 10:52 PM - last edited on тАО07-21-2023 04:06 AM by

тАО06-19-2005 10:52 PM - last edited on тАО07-21-2023 04:06 AM by

Re: How to track user logins and activities?

You could also use the auditing feature, This can be turned on thru 'sam'
Refer for more

http://docs.hp.com/en/B2355-90121/ch02s05.html

http://nixdoc.net/man-pages/HP-UX/man1M/audisp.1M.html

Note : Auditing is available only in trusted systems

All the Best.

[Moderator edit: The above link is no longer valid. Please refer to https://support.hpe.com/] 

0 Kudos
Reply
Sandman!
Honored Contributor

тАО06-20-2005 05:30 AM

тАО06-20-2005 05:30 AM

Re: How to track user logins and activities?

Two log files keep track of successful and unsuccessful logins:

/etc/wtmp -- successful logins and logouts, accessed with "last".
/etc/btmp -- unsuccessful login attempts, accessed with "lastb".

/etc/wtmp exists by default and if the file /etc/btmp doesn't you can "touch" it if you're the superuser.

# touch /etc/btmp

As far as user activities are concerned do a man on the following commands:

lastcomm / acctcom / acctcms

cheers!
0 Kudos
Reply
Rick Garland
Honored Contributor

тАО06-20-2005 05:40 AM

тАО06-20-2005 05:40 AM

Re: How to track user logins and activities?

login/logout times you can get through the `last` commands.

The `last` and `lastb`

As to what was accessed, check the user's .sh_history file. Also look at using the auditing feature of a trusted system.

0 Kudos
Reply
Juan M Leon
Trusted Contributor

тАО06-20-2005 07:37 AM

тАО06-20-2005 07:37 AM

Re: How to track user logins and activities?

Joshua. I concur with most of the people. By using acct feature will allow you to track different activities such as commands.
acctcom
lastcomm
acctcms
are most fo the commands that will help you to track activity in the system. You will need to enable acct by changing START_ACCT=1 in the /etc/rc.config.d directory.
Hope it helps.
0 Kudos
Reply
Andrew Cowan
Honored Contributor

тАО06-20-2005 07:38 PM

тАО06-20-2005 07:38 PM

Re: How to track user logins and activities?

If you're really paranoid (and don't care too much about privacy issues) you can force users to connect via SSH and set the daemon logging to DEBUG. Be warned that this generates a LOT of traffic.
0 Kudos
Reply
Cem Tugrul
Esteemed Contributor

тАО06-20-2005 08:51 PM - last edited on тАО07-18-2023 11:54 PM by

тАО06-20-2005 08:51 PM - last edited on тАО07-18-2023 11:54 PM by

Re: How to track user logins and activities?

Hi,
another link from me;
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=33516

[Moderator edit: Removed the invalid link.]

Our greatest duty in this life is to help others. And please, if you can't
0 Kudos
Reply
muthamilan
Frequent Advisor

тАО06-29-2005 06:24 AM

тАО06-29-2005 06:24 AM

Re: How to track user logins and activities?

Hi

Use last command for sucessful login details,
use lastb command for unsucessful login details.I think lastb command only avilable on HP-UX.


0 Kudos
Reply
Q4you
Regular Advisor

тАО06-29-2005 02:13 PM

тАО06-29-2005 02:13 PM

Re: How to track user logins and activities?

We had some lazy security guards, giving us hard time. So we asked them to turn and focus the cameras on user monitors. Now they monitor and track what they do !


Just kidding..
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.