How To Check The User Creation Date And Time On Windows And Linux
Finding the user creation date on an operating system is a key step in a security audit. It helps us verify the validity of the user.
On Windows, the user creation date is determined by checking Event Viewer, the profile creation date and the net command.
1. Check Event Viewer. It is good practice to enable the audit logs.
2. The profile creation date tells us the first login date.
*If the user has never logged in to the operating system, the system will not have created a profile folder.
3. Check the user status using the net command.
Run -> cmd -> net user nameofuser
On Linux, the user creation date is determined by checking the home directory creation date, the messages log and the audit log.
1. Check the creation date of the user's home directory
# ls -ld /home/melbin/
drwx------ 5 melbin melbin 4096 Aug 28 22:07 /home/melbin/
2. Grep the messages logs.
cat /var/log/messages | grep melbin
cat /var/log/messages.* | grep melbin
3. If auditd is enabled on the system, search the logs using the grep, aureport and ausearch commands. The auditd daemon collects audit subsystem logs and writes them to /var/log/audit/audit.log. SELinux uses the audit subsystem.
* aureport --auth | grep melbin
There are two programs, ausearch and aureport, that provide retrieval capabilities. Ausearch is a grep-like program: it can be given certain parameters and it will display any records that match. The aureport program was designed to aid in producing reports via awk, perl, or grep. It can select different kinds of information in the audit logs and present them in either columnar form or rankings. Some of the information it can select includes: logins, users, terminals, host names, executables, file access, avc objects, syscalls, watches, or event types.
cat /var/log/audit/audit.log | grep melbin
cat /var/log/audit/audit.* | grep melbin
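The audit log search in step 3 can be narrowed to the account-creation record itself. The script below is an added example, not part of the original post: it assumes useradd activity is logged as type=ADD_USER records carrying acct="name", the sample log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: date an account's creation from auditd ADD_USER records.
# Assumption: useradd is logged as type=ADD_USER with acct="name"; some
# distributions log the account differently, so check a real record first.

# Constructed sample records (stand-in for /var/log/audit/audit.log).
sample_audit_log() {
cat <<'EOF'
type=ADD_USER msg=audit(1440799620.512:345): pid=2310 uid=0 auid=1000 ses=3 msg='op=add-user acct="melbin" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=failed'
type=ADD_USER msg=audit(1440799650.204:347): pid=2312 uid=0 auid=1000 ses=3 msg='op=add-user acct="melbin" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_AUTH msg=audit(1440799700.101:350): pid=2330 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="melbin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=ADD_USER msg=audit(1440803000.000:402): pid=2400 uid=0 auid=1000 ses=3 msg='op=add-user acct="melbin2" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
EOF
}

# Print the epoch second of the earliest successful ADD_USER record for
# account $1, reading audit records from stdin. Matching the quoted acct
# value avoids the melbin/melbin2 overlap that "grep melbin" returns.
user_created_epoch() {
    awk -v user="$1" '
        $1 == "type=ADD_USER" && /res=success/ &&
        index($0, "acct=\"" user "\"") {
            # Timestamp field: msg=audit(<epoch>.<ms>:<serial>)
            if (match($0, /audit\([0-9]+/)) {
                t = substr($0, RSTART + 6, RLENGTH - 6)
                if (min == "" || t + 0 < min + 0) min = t
            }
        }
        END { if (min == "") exit 1; print min }'
}

# Convert epoch seconds to UTC ISO-8601 (GNU date first, BSD date fallback).
epoch_to_utc() {
    date -u -d "@$1" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null ||
        date -u -r "$1" '+%Y-%m-%dT%H:%M:%SZ'
}

# Full lookup: audit records on stdin, account name as $1.
user_created_at() {
    e=$(user_created_epoch "$1") || return 1
    epoch_to_utc "$e"
}

sample_audit_log | user_created_at melbin
```

On a live system, pipe /var/log/audit/audit.log into user_created_at in place of the sample function; a non-zero exit status means no successful creation record for that account is present in the logs supplied.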
Author: Melbin Mathew