System Logs

masquerer · August 27, 2007, 8:21am

Dear Gurus

I am running AIX with several users that are using the system, i would like to monitor the commands that are run by these users. Is there a log system that records the commands that are executed by the users???
Any kind of help will be appreciated.

Regards
Masquerder

sysgate · August 27, 2007, 9:08am

I just looked at "smitty" but I can't seem to find such functionality out-of-the-box. I guess you can : 1. use users' history files, like :
cat the respective history file (e.g. .bash_history) for all users in /home and mail this content.
2. Use "script" command, I just noticed it's available for AIX.
Certainly, there may be more elegant solution for this task, I will be happy to see it too.

masquerer · August 27, 2007, 9:18am

Dear sysgate
Most of my users use root login from there they swich users to another that remains the same for everyone i looked into bash_history but i cannot see the history of root logs, please can u tell me how to see that logs.
Secondly if i start the script command through .cshrc of every user wil it note all the commands in the output.

garry · September 24, 2007, 11:27am

Have you tried creating a file in users home directory called .sh_history?
I use this for root type logins, and recoreds all commands entered.

masquerer · October 27, 2008, 2:36am

Yes i have done that and the files are also being formed but the problem is the .sh_history files are not getting updated and the also there is no reference to the date or the IP from which the command was run!!!
please help!!!

bakunin · October 28, 2008, 11:20am

Of course these files are not updated. When your user switches from one user to another all the command s/he types in as the other user goes to this new users .sh_history file. You can control which history file is being used by setting the HISTFILE variable in the ksh environment.

But even then your main problem will remain: your system is unsecure - and inherently so. There is no other option than to limit what users do as root or as root-equivalent users. I woul suggest you explore tools like sudo and create a thorough concept which user should be able to do what - and then limit his possiblities to exactly this.

Giving all your users root authority is just lazyness in terms of coming up with such a concept. As long as every user is allowed to do everything you don't have to worry about security - it is simply nonexistent and the only thing you can do about it - save for changing the attitude - is getting used to it.

I hope this helps.

bakunin

masquerer · October 28, 2008, 1:22pm

Well sorry if i didnt clear the picture, well im workin in a telco environment and there are a lotta things that my team is doin and for which they need the root pwd, secondly the vendor also has to run system checks that ask for the root pwd, i have restricted my users in terms of groups and dba access but then again there always the chance of any mishaps which can be covered easily as there are 10 ppl that are working on the systems!!!!
so just to keep a check on anything that they r doin i wanted to enhance the security of my n/w.