LinuxQuestions.org
Old 08-09-2007, 04:02 AM   #1
darwinianlo
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Rep: Reputation: 0
how to check who has logged on using root


I have some garbage, debug output on my screen. It 'looks' like someone has run a specific command on my tty as there appears '[root]$SPECIFICCOMMAND', but I have been present all the time. Others have remote access to this server via a VPN and the root account.

I know the specific command; it is not listed using 'history', so is there any other way to check whether someone has logged on remotely using the root account?

Secondly, why would this command appear on the server screen? Output should be attached to the remote tty, right? Any ideas are welcome.
 
Old 08-09-2007, 04:16 AM   #2
darwinianlo
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Well, I found the commands (w) and (last); the last one shows the time of logon, IPs and duration, so that is a good enough trace.

Should have waited 5 minutes before posting.
 
Old 08-09-2007, 04:19 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328
top -u root

See also /var/log/messages

Usual advice is to disable root logon via ssh (you do use ssh, right?).
Then enable yourself to
su -
up when you need root access.
Set all root accesses to use sudo, e.g.
sudo su -
sudo does logging.
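
Added example, not part of any post in this thread: a small filter that pulls direct root SSH logins and sudo-to-root commands out of syslog authentication lines, which is the trail the advice above relies on. The log lines are constructed samples in the usual OpenSSH and sudo syslog formats; the host name, users and addresses are made up.

```shell
#!/bin/sh
# Constructed sample of syslog authentication lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
Aug  9 03:41:12 srv sshd[2211]: Accepted password for root from 10.8.0.5 port 51514 ssh2
Aug  9 03:50:02 srv sshd[2290]: Accepted publickey for alice from 10.8.0.7 port 40022 ssh2
Aug  9 03:51:30 srv sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Aug  9 03:55:10 srv sshd[2301]: Failed password for root from 10.8.0.9 port 40100 ssh2
EOF
}

# Read log lines on stdin and print one line per root access:
#   <date> direct-root-ssh <source ip>
#   <date> sudo-to-root <invoking user> <command>
root_logins() {
    awk '
    # Successful SSH authentication straight into the root account.
    /sshd/ && /Accepted/ && / for root from / {
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
        print $1, $2, $3, "direct-root-ssh", ip
    }
    # sudo records the invoking user, so root use stays attributable.
    / sudo: / && /USER=root/ {
        cmd = substr($0, index($0, "COMMAND=") + 8)
        print $1, $2, $3, "sudo-to-root", $6, cmd
    }'
}

# Demo on the sample; on a real host, feed it the file your syslog
# writes authentication messages to instead.
sample_log | root_logins
```

The direct root login only yields a source address, while the sudo line names the person, which is why shared root SSH access is hard to audit.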
 
Old 08-09-2007, 08:05 AM   #4
darwinianlo
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you for the tip.
I'll read up on sudo then.
 
Old 08-09-2007, 08:14 AM   #5
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Or even better, find out what they actually need (surely they don't need every possible thing on the system as root), change the root password, thus disabling the use of 'su' for them, and make them use 'sudo' instead, after having configured 'sudo' for each of them in such a manner that they can only run the specified, really needed commands with it (no shells, su, sudo or anything that grants them a root shell... it might take some time thinking but it's worth it, really). The password of root should only be known to one person; the rest should just use sudo. Even that one person who knows the root password should use sudo instead of that, and it's not a bad idea to lock the root account too, to prevent misuse. Using sudo is surely sufficient; spending some time with it is less wasted time than spending some time thinking about who just executed something stupid on your system as root, if there are 100 people who knew the root password and they all say they don't know about it.

EDIT: sudo's logging is a handy feature, but know that if the folks have root access, you can't save the logs on the same machine. Have the logs saved onto another machine that is not accessible to the root folks, only you. This way they can't hide their traces so easily.

Last edited by b0uncer; 08-09-2007 at 08:15 AM.
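
Added example, not part of any post in this thread: a check that reads sudoers-style rules and flags the entries the advice above says to avoid, namely ALL, su, sudo or a shell as an allowed command. The sample rules and user names are constructed, and the parser only handles simple one-line user rules (no aliases, no line continuations).

```shell
#!/bin/sh
# Constructed sudoers-style sample: alice is restricted as described above,
# the other three entries each hand out a root shell.
sample_sudoers() {
    cat <<'EOF'
# constructed sample rules
alice  ALL=(root) /sbin/service httpd restart, /usr/bin/tail /var/log/messages
bob    ALL=(ALL) NOPASSWD: ALL
carol  ALL=(root) /usr/bin/tail /var/log/secure, /bin/su -
dave   ALL=(root) /bin/bash
EOF
}

# Read rules on stdin; print "<user>: <command>" for every allowed command
# that is ALL, su, sudo or a common shell.
risky_sudo_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }      # not user rules
    {
        user = $1
        spec = substr($0, index($0, "=") + 1)         # text after host=
        gsub(/\([^)]*\)/, "", spec)                   # drop the (runas) part
        gsub(/[A-Z]+:/, "", spec)                     # drop tags like NOPASSWD:
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            sub(/^[ \t]+/, "", cmd)
            split(cmd, w, /[ \t]+/)                   # w[1] is the program
            base = w[1]
            sub(/.*\//, "", base)                     # strip directory part
            if (base ~ /^(ALL|su|sudo|sh|bash|dash|ksh|zsh|csh|tcsh)$/)
                print user ": " w[1]
        }
    }'
}

# Demo on the sample rules.
sample_sudoers | risky_sudo_rules
```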
 
Old 08-09-2007, 07:43 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328
Bouncer's desc was what I had in mind, only he said it more clearly.
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration