HPE Community
Operating System - HP-UX
1837197 Members
2330 Online
110115 Solutions
New Discussion

user log in and out time

 
Jeff Hagstrom
Regular Advisor

‎10-24-2005 08:45 AM

‎10-24-2005 08:45 AM

user log in and out time

Is there anyway to figure out when someone logged in and logged out of unix?
RP7410 HPUX 11.i
0 Kudos
Reply
9 REPLIES 9
Richard Beyko_1
New Member

‎10-24-2005 08:54 AM

‎10-24-2005 08:54 AM

Re: user log in and out time

try the 'last' command
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎10-24-2005 08:55 AM

‎10-24-2005 08:55 AM

Re: user log in and out time

last | more

should show you this information

for failed login attempts, you can check

lastb | more

Hope this helps
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎10-24-2005 09:03 AM

‎10-24-2005 09:03 AM

Re: user log in and out time

Hi Jeff:

As noted, 'last' and 'lastb' for good and for bad logins.

You need to first create these accounting files. Their absence turns off the logging.

# touch /var/adm/wtmp #...to enable 'last' logging

# touch /var/adm/btmp #...to enable 'lastb' logging of bad logins

Make sure that '/var/adm/btmp' is owned by root and readable ONLY by root. To allow non-root users to read this file may expose passwords used with login attempts.

Regards!

...JRF...
0 Kudos
Reply
Jeff Hagstrom
Regular Advisor

‎10-24-2005 09:04 AM

‎10-24-2005 09:04 AM

Re: user log in and out time

I should have been more clear. Last and lastb both tell some info. We have a person that says they work over the weekend. I can see when they logged in, but I can't see when the logged out.
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎10-24-2005 09:13 AM

‎10-24-2005 09:13 AM

Re: user log in and out time

Jeff, unfortunately, if the users stays logged in or ends his/her session abruptly, i.e., not with a ctrl-D or exit command, last will not catch that and will show the user logged in until the end of the time (i.e. system reboot) and there is no workaround for this I know of.

One thing comes to mind that you can check the validity of this user's last activity, and it is only available if he/she did not login since then, is to check the modification time of the .sh_history file if it is utilized.

another method that comes to mind is a little more convoluted. Find the time logged in, find the associated telnetd/sshd process id spawned from the syslog and find the same PID getting killed/terminated again in the syslog.

But neither of the two methods are bulletproof. It is basically a crapshoot if you can find something.

HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Jeff Hagstrom
Regular Advisor

‎10-24-2005 09:23 AM

‎10-24-2005 09:23 AM

Re: user log in and out time

The history file tells me when they logged in, but not when they logged out. Someone mentioned the btmp and wtmp files, I have those already created. How do I look at them? They aren't legiable, or least not enough to tell me when someone is logging in our out.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎10-24-2005 09:25 AM

‎10-24-2005 09:25 AM

Re: user log in and out time

last reads wtmp.
lastb reads btmp.

You can't look at them directly.
--
Jeff Traigle
0 Kudos
Reply
DCE
Honored Contributor

‎10-24-2005 09:48 AM

‎10-24-2005 09:48 AM

Re: user log in and out time

If your system is trusted, you can use the auditing subsystem to track an individual user. the following link tells more....
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=749837.

More links are available by performing an itrc search for audit user.........
0 Kudos
Reply
Mohanasundaram_1
Honored Contributor

‎10-24-2005 09:52 AM

‎10-24-2005 09:52 AM

Re: user log in and out time

You are a good candidate for using "auditing"
Attitude, Not aptitude, determines your altitude
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.