LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-12-2008, 07:29 PM   #1
juju
Member
 
Registered: Jan 2005
Distribution: Slackware 14
Posts: 34

Rep: Reputation: 0
Login logging?


Greetings,

Definitely a newbie question here. I'm running Slackware 12 on a couple of machines, to be used by a group of people. I'm the default sys admin. I'd like to maintain a log of logins, that can't be deleted, even if someone has obtained the super user login info. Is this possible?

Thanks,

JuJu
 
Old 02-12-2008, 09:21 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
You mean a file that is impossible to delete under any circumstances? As far as I know, that can't be done under a Unix environment (sounds like a Windows "feature").

You could push the file to a remote server/device though, or somehow hide and or encrypt it.
 
Old 02-12-2008, 09:26 PM   #3
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164Reputation: 164
The lastlog command should do what you need. However, once root is logged in they can do whatever they want. Perhaps you could have a cron job run the transfers /var/log/lastlog to a remote location every few minutes. The problem there is that whoever gets root access could view that cron job and find the remote log as well.
 
Old 02-13-2008, 04:01 AM   #4
vwvr9
Member
 
Registered: Feb 2005
Distribution: OpenSuse 10.1 / Centos 4.4
Posts: 60

Rep: Reputation: 15
also use PKI only authentication when possible to minimize your risk.
 
Old 02-13-2008, 08:00 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
If they get in as root, your options are limited.
You can scp or ftp to a remote system, but it (the remote sys) will have to prevent that same cxn deleting files.
The old fashioned bullet-proof way is a cheap (remote) printer or other write-only device eg burn to a WORM CD/DVD drive (again remote to prevent physical theft).
Of course, email (to a remote sys) is an option...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Configuring Login Logging matsko Linux - Security 5 03-26-2006 02:21 PM
Bad login logging luigi95 Linux - Security 2 07-07-2005 03:54 AM
Logging failed CDE login ]un]ie Solaris / OpenSolaris 5 12-19-2004 08:18 AM
login reprompts me instead of logging in spectrumver1 Linux - Newbie 1 06-01-2004 05:29 AM
Logging in and getting login prompt again dkaplowitz Red Hat 5 11-21-2003 04:43 PM


All times are GMT -5. The time now is 09:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration