Tracking activities of Users using a particular login.

jyotipg · August 1, 2003, 7:35am

Hi!! Experts,

I have a typical scenario here in which several users have access to a particular login .. say "build".

None of the users know the passwd for this login.
The name of some of the user have been to .rhosts file.
The users can connect only by doing a rlogin to this id and then they can do some set of operations.

I need to to track which user has rlogin to this login and which are the set of command which he has run as "build".

Right now its a chaos. Some user does a rlogin to this ID and mess up the file and I have no way to find the culprit.

Could you suggest any pointers how to track it??

Thanks in Advance..

RTM · August 1, 2003, 11:20am

Please post your OS/version and what shell the "build" account uses.

Look into the last command (man last), possibly the .sh_history, and possibly creating a log of their activites with the script command.

jyotipg · August 4, 2003, 2:40am

The OS used in HP-UX-11.0 and the shell is ksh

Perderabo · August 4, 2003, 10:52am

Chaos always results from group accounts. The solution is to not have a group account. Instead of a group account, you should be using a group group. That's what groups are for.

There are lots of ways to track what the user called "build" did. But that is not what you asked for.

saabir · August 4, 2003, 11:43am

You could take RTM's suggestion of using the 'script' command and perhaps create a unique log of their session by naming the output file according to their IP address.

This assumes that they have unique IP addresses and that those are static - or else this is useless as you cannot isolate the person concerned very easily.