Account Creation / Deletion 3

[bambock]

Has anyone developed a script or have a method to monitor accounts being created or deleted in AIX.

Thanks,
Ethan

 

[KenCunningham]

Why not just write a copy of /etc/passwd to a file at regular intervals. Not foolproof however. Another possibility would be to monitor smit.log for the appropriate entries.

 

[trifo]

Hi!

Monitoring smit.log is not enough. On one hand you might not be sure which smit.log is to be monitored (if not only root user is allowed to create users). On the other hand you can use command line to do the same (mkuser/pwdadm or even vi) which do not leave entries in smit.log.

Thus I think monitoring passwd is a better idea. How often does the user list change?

--Trifo

 

[ggauthier]

Fore account creation, you can update this file to log:

/usr/lib/security/mkuser.sys

For example,

echo $(date)"\t"$(logname)"\t"$2"\t"$1 >> /my/log/path/mk_user.log


That will log the date, the user who executed the mkuser command (even if via smit), the account name and the home directory at the time of creation.

You can log further information if wanted.

Obviously, this will not trap user additions from editing /etc/passwd directly.

-glenn

 

[bambock]

Thanks for the info and the ideas.