Prajith
asked on
how can find out when user is created in AIX
how can i find out when the user has been created.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If this is an on-going requirement Tripwire and / or IBM's tivoli security tool's can capture / log user additions / changes.
If you want to find out when the user first / last logged in try:
last | grep user-id
If you want to find out when the user first / last logged in try:
last | grep user-id
>> find out when the user first / ... logged in <<
arober11, how would you find out the first login? Would be great if this was possible (but I don't believe so).
The outcome of last depends on the contents of wtmp, a file which gets cleaned up regularly by most people.
wmp
arober11, how would you find out the first login? Would be great if this was possible (but I don't believe so).
The outcome of last depends on the contents of wtmp, a file which gets cleaned up regularly by most people.
wmp
Wouldn't count on the wtmp being rotated / truncated regularly, as most non Development servers I've played on have had 12-36 months worth of history. If it hasn't been truncated it should give an indication of how long the account has been around, and the IP(s) the ID has been used from, if access was external, not via su.
Note: Have assumed the server isn't subject to SOX of PCI-DSS reg's as audit logging would have been enabled and probably spooled to the syslog and on to a separate log server, to pass an audit.
Note: Have assumed the server isn't subject to SOX of PCI-DSS reg's as audit logging would have been enabled and probably spooled to the syslog and on to a separate log server, to pass an audit.
Another rough option, if you have password aging enabled and a local shadow password file, you'll have a timestamp for the last password change.
ASKER
not bad
In which way did the answer you accepted help you?
Just curious ...
Just curious ...
short answer: you can't - at least not in a reliable way, unless you had enabled the auditing feature of AIX and have kept the logs.
You could look at the creation time of the user's .profile and hope that they didn't change it.
Here is a rather good IBM Redbook on auditing:
http://www.redbooks.ibm.com/redbooks/pdfs/sg246396.pdf
Sorry, no better way!
wmp