User auditing from AIX server

Nagesh_1985 · July 1, 2014, 11:08pm

I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:

login to my PC
take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?

Thanks

aixkidbee · July 2, 2014, 2:46am

Simple answer. No.

rbatte1 · July 2, 2014, 8:06am

It depends what you want.

For access to files, you would have to share your disk in a way that AIX can use (mount) it.
For information about processes, memory etc., you would have to allow the AIX server to connect (perhaps rsh or ssh) and run the appropriate PC commands.

Doing either of these requires the PC to be running the services to allow the connection and the network firewall rules to be open (if you have one)

If you just want the IP address of the connection or the DNS name of your PC, then those are much easier.

What's the requirement?

Robin

ibmtech · July 2, 2014, 11:05am

I am not really sure what do you mean by those two questions, but one can know the IP address/Hostname of a source server and (time of login, time stayed on the destination server). This can be achieved by running last command.

Nagesh_1985 · July 2, 2014, 7:16pm

Thanks for the reply..
the 'last' command works fine.

This is what i am trying to do.
Say, for example, an user logs into the AIX server from his local desktop via a putty session.
The user logs into his local desktop using his ID
I want to capture the logon and logoff time of the user into the AIX server.
And this has to be done from within the AIX server.

More like auditing user logons into AIX server.

aixkidbee · July 2, 2014, 9:44pm

The last command works perfectly fine for capturing who logged on at what time and date and possibly the desktop hostname/pc/asset id .

Nagesh_1985 · July 2, 2014, 10:15pm

Thanks...1 final question.
Does the 'last' command work for RHEL, HP-UX and Solaris servers ?
If not, is there an alternate command for these servers ?

Thanks

aixkidbee · July 3, 2014, 12:43am

It sure does.

bakunin · July 3, 2014, 10:25am

The "last" command records the log-on- and log-off-times of any connection to the AIX-server, regardless of the OS this has originated from. You will see IP-addresses (or their DNS-equivalents) and other information pertaining to the connection, but no direct information about the client the connection has been made from.

Regardless of where you come from, all the clients you mentioned use the same mechanism: they start a SSH-client (in Linux derivates this is the command line utility "ssh", in Windows this would be "putty" or maybe some other tool with the same functionality) and connect to the SSH-server(-process) on the AIX-system. This in turn will validate (like asking for passwords, ...) and finally establish the session - which will be logged in a file "/var/adm/wtmp", which "last" reads.

I hope this helps.

bakunin