User log details in Unix
Hi all,
How to view which users are logged in and what commands were
executed by them within the last 24 hours, assuming I am the root in Linux
or Unix! Please let me know.
What is the way to remove those logs?
best regards,
Gaurav
| |
|
On 15 May 2006 08:12:51 -0700
"Gsec" <Gaurav.Saikia@gmail.com> wrote:
> How to view which users are logged in and what commands were
> executed by them within the last 24 hours, assuming I am the root in
> Linux or Unix! Please let me know.
who, last, history, /var/log/* are your friends. Any real hacker will
replace the tools you use to interrogate those files.
> What is the way to remove those logs?
The same way you remove Windows Event Viewer data.
--
Regards, Ed :: http://www.openbsdhacker.com
just another unix hacker
:%s/Open Source/Free Software/g :: Free DNS available
| |
Victor Wagner 2006-05-15, 7:15 pm
ed <ed@noreply.com> wrote:
> On 15 May 2006 08:12:51 -0700 "Gsec"
> <Gaurav.Saikia@gmail.com> wrote:
> > commands executed by them within the last 24 hours, assuming I
> > am the root in Linux or Unix! Please let me know.
> who, last, history, /var/log/* are your friends. Any real
> hacker will replace the tools you use to interrogate those
> files.
Any real sysadmin would set up syslog.conf so it would send log records
about login attempts to some other machine, preferably one which
wouldn't be so easy to hack.
And would check hash sums of various system utilities using a known-good
(digitally signed or run from read-only media) utility if he has the
slightest suspicion that the system is compromised.
There are such tools as tripwire or integrit that maintain a database of
such checksums for all files in the system. And every good system
administrator deploys one of them.
Also, the packaging system of any modern *nix distribution allows checking
the integrity of software packages, including such utilities as who etc.
--
#define NULL 0 /* silly thing is, we don't even use this */
-- Larry Wall in perl.c from the PERL source code
| |
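The baseline-and-verify check described in the post above, as an added example that is not part of the original thread. It assumes GNU coreutils `sha256sum`; the function names and the stand-in `who`/`last` files built in `demo` are constructed for illustration, and tools such as tripwire, integrit or debsums do considerably more.

```shell
#!/bin/sh
# Added example (not from the thread): checksum baseline for system utilities.
# Assumes GNU coreutils sha256sum; all function names are illustrative.

# hash_tree DIR: print "<sha256>  ./relative/path" for every regular file.
hash_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# make_baseline DIR DB: store the baseline. Keep DB off the monitored host
# (read-only media or another machine), or an intruder can rewrite it too.
make_baseline() {
    hash_tree "$1" > "$2"
}

# check_baseline DIR DB: print CHANGED/ADDED/MISSING lines, return 1 if any.
check_baseline() {
    cb_now=$(mktemp) || return 2
    hash_tree "$1" > "$cb_now"
    cb_report=$(awk '
        { h = $1; sub(/^[^ ]+ [ *]/, "") }           # $0 is now the path
        FILENAME == ARGV[1] { old[$0] = h; next }    # baseline records
        { seen[$0] = 1
          if (!($0 in old))      print "ADDED   " $0
          else if (old[$0] != h) print "CHANGED " $0 }
        END { for (f in old) if (!(f in seen)) print "MISSING " f }
    ' "$2" "$cb_now" | sort)
    rm -f "$cb_now"
    if [ -n "$cb_report" ]; then printf '%s\n' "$cb_report"; return 1; fi
    return 0
}

# demo: constructed stand-ins for who/last, then simulated changes to them.
demo() {
    d_root=$(mktemp -d) || return 2; d_db=$(mktemp) || return 2
    mkdir "$d_root/bin"
    printf 'original who\n'  > "$d_root/bin/who"
    printf 'original last\n' > "$d_root/bin/last"
    make_baseline "$d_root" "$d_db"
    printf 'replaced who\n' > "$d_root/bin/who"   # modified utility
    rm "$d_root/bin/last"                         # removed utility
    printf 'extra\n' > "$d_root/bin/newtool"      # unexpected file
    check_baseline "$d_root" "$d_db" && d_rc=0 || d_rc=$?
    rm -rf "$d_root" "$d_db"
    return "$d_rc"
}
```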
|
On Mon, 15 May 2006 19:38:02 +0000 (UTC)
vitus@45.free.net (Victor Wagner) wrote:
> ed <ed@noreply.com> wrote:
>
> Any real sysadmin would set up syslog.conf so it would send log
> records about login attempts to some other machine, preferably one
> which wouldn't be so easy to hack.
>
> And would check hash sums of various system utilities using a known-good
> (digitally signed or run from read-only media) utility if he has the
> slightest suspicion that the system is compromised.
>
> There are such tools as tripwire or integrit that maintain a database of
> such checksums for all files in the system. And every good system
> administrator deploys one of them.
>
> Also, the packaging system of any modern *nix distribution allows checking
> the integrity of software packages, including such utilities as who etc.
Yep. That's why we have these programs. They also exist in Windows,
such as sfc (checks against installation medium).
Once a box is rooted all those tools can be replaced, except the syslog
server logs... Some root kits will leave a kernel module behind to make
matters worse.
Personally I trust debsums.
BTW, I recognised your name from c-prog ;)
--
Regards, Ed :: http://www.s5h.net
just another Java person
:%s/Open Source/Free Software/g :: Free DNS available