1833059 Members
3571 Online
110049 Solutions
New Discussion

Re: User monitor report

 
SOLVED
Go to solution
Joseph Bague
Frequent Advisor

User monitor report

Hi to all guru's and master,

Do you have a sample script that monitor the changes on user like account lock out, new user has been add etc,

Thanks in advance
Joseph
Expect nothing but ready for everything
3 REPLIES 3
Michael Tully
Honored Contributor

Re: User monitor report

Con O'Kelly
Honored Contributor
Solution

Re: User monitor report

Hi Joesph

Sorry I don't have any scripts to do this. You may have to write your own.

I've attached an old security script that you might be able to pull a few ideas from eg failed logins, failed su to root etc.

For trusted systems look at /usr/lbin/getprpw command.
-> look for lockout=0000000. If not then account is locked.

Maybe use a diff command to check for any changes to /etc/passwd file.


Cheers
Con
Steven E. Protter
Exalted Contributor

Re: User monitor report

If your mystem is trusted, you may be able to fine tune the audit logs to get what you want.

passwd -sa reports some data on the user, but doesn't report new ones.

You could scan the root .sh_history file for the useradd commmand to get users.

The information is out there, you need to work a bit to get it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com