[SOLVED] Can one know from which server a particular command was run in a network?

Ajit Gunge · 05-19-2009, 01:27 AM

Hi All,
I wanted to know which file I have to look to see from which server a particular command was run in a network.For eg.Suppose if someone logs into a server and runs a shutdown command on that server which file should I look to trap the culprit as in you ran that command and from which ip-address.

Ajit

baig · 05-20-2009, 02:37 AM

If somebody logs in to your server that is possible through ssh. I don't know where exactly you will get "commands run by users" but the possible path could be

/var/log/secure

from secure you can see at what time near to your pc shutdown someone loged in to your server..

BTW how an unwanted user logs in to your server?

Cheers!!

Ajit Gunge · 05-20-2009, 04:16 AM

Quote:

Originally Posted by baig

If somebody logs in to your server that is possible through ssh. I don't know where exactly you will get "commands run by users" but the possible path could be

/var/log/secure

from secure you can see at what time near to your pc shutdown someone loged in to your server..

BTW how an unwanted user logs in to your server?

Cheers!!

Thanks.That file has the information of the user that looged into the server through ssh.Actually I wanted to know this information itself its not that anyone unwanted is logging into my server and all....

Ajit

kpraveen455 · 05-20-2009, 04:20 AM

One way is to check all the users 'bash_history' and check who is the actual culprit. The procedure can be like this:

1) Login to server, change to superuser mode
2) Then check the bash history of all the users
/home/user/.bash_history

3) If required use the command "last" to know about the users last logged into your server

last -i (Displays the IP number of the remote host)

This is one of the way! even though a better way may still exist.

kirukan · 05-20-2009, 04:28 AM

implement the "sudo", i think this may be useful to identify the users activities and you can restrict their activities