recently someone somehow made a terrible mistake (destroyed an important database application by re-initialised a disk).
the shell used was ksh with HISTFILE configured in .profile.
I can see in .sh_history.xxxx files what that person did.
But I just don't know from which machine (IP) the telnet connection was made.
Users don't have the console access to the server. Thay can only access the server remotely (telnet, FTP etc)
Was wondering if there is an utility can be configured to record the info like IP or host name of a remote machine making connecttions like telnet to the server.
My Solaris is 8 and everybody uses ksh by default.
Any advise/help will be greatly appreciated.