Unix Technical Forum

Extracting 2 user information from AIX

This is a discussion on Extracting 2 user information from AIX within the AIX Operating System forums, part of the Unix Operating Systems category; --> Hello, I am new to the AIX world. I am lookginfor help in extracting the following 2 information about ...


Go Back   Unix Technical Forum > Unix Operating Systems > AIX Operating System

Extracting 2 user information from AIX Extracting 2 user information from AIX

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-05-2008, 09:03 AM
peternjusa@gmail.com
 
Posts: n/a
Default Extracting 2 user information from AIX
Hello,

I am new to the AIX world.

I am lookginfor help in extracting the following 2 information about
user accounts


1. user_unsuccessful_login (Count for the past 30 days)

For example, I would like to know how many times the user has logged
unsuccessfully during the past 30 days.

I am assuming I need to look in /etc/security/lastlog
and look for the field unsuccessful_login_count=(number). (I want to
know how to extract only the count for last 30 days)


2. user account_locked (count for the past 30 days)

I am assuming I can get this information from /etc/security/user

account_locked=true

I would like to know how many times a particular user has been locked
out for the past 30 days. It appears at this moment, when the user gets
unlocked, the count goes back to 0, so when I do a report at end of
month, I would not be able to capture how many times it was locked
during the month.

Any help would be apperciated!

Peter.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 01-05-2008, 09:03 AM
steven_nospam at Yahoo! Canada
 
Posts: n/a
Default Re: Extracting 2 user information from AIX
peternjusa@gmail.com wrote:

> I am lookginfor help in extracting the following 2 information about
> user accounts
>
> 1. user_unsuccessful_login (Count for the past 30 days)
>
> For example, I would like to know how many times the user has logged
> unsuccessfully during the past 30 days.
>
> 2. user account_locked (count for the past 30 days)
>
> I am assuming I can get this information from /etc/security/user
>
> account_locked=true


Peter,

For item 1, you can try to use a variation of the following command:

last -f /etc/security/failedlogin

This shows you all the times that a login was unsuccessful. I believe
that if a valid username is used, it shows that name as the source for
the unsuccessful login. If the name is not spelled correctly, it will
list UNKNOWN_USER.


For item 2, I am not sure that there is a way to detect a locked
account after it has been unlocked, but you could set something up so
that when the chuser is called, it runs an audit program, or have it
run through the sudo utility (www.sudo.org). You can also check the
smit.log to see if anyone unlocked an account, then remove the smit.log
each month afterward (of course that will only track smit instances of
chuser).

HTH,

Steve

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« aix fc switch connection problem | printing to multiple printers »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


All times are GMT. The time now is 10:57 AM.

Contact Us - Unix Technical Forums - Top

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0
www.UnixAdminTalk.com