LinuxQuestions.org
Old 07-31-2003, 12:19 PM   #1
jdruin
Member
 
Registered: Jul 2003
Location: Louisville aka Derby City
Distribution: WinXP SP2 and SP3, W2K Server, Ubuntu
Posts: 313

Rep: Reputation: 30
Question how do I "kick" a user off Redhat 9?


Hey peeps.

Can someone tell me how I can kick a user off REDHAT 9 (from command line, I am not into GUI yet). I did a "last" command and there is a user on the terminal of the server I want to kick. I am not at the server but logged in over SSH.

The user 'looks' like this to "last":

root tty1 Wed Jul 30 08:50 still logged in

Thanks
 
Old 07-31-2003, 12:54 PM   #2
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Kill tty1 process... don't worry, it will respawn =)
 
Old 07-31-2003, 12:58 PM   #3
Strike
Member
 
Registered: Jun 2001
Location: Houston, TX, USA
Distribution: Debian
Posts: 569

Rep: Reputation: 31
Kill their shell
 
Old 07-31-2003, 01:00 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Before you do - are you sure that it isn't yourself?
 
Old 07-31-2003, 01:24 PM   #5
jdruin
Hey Strike:

When you say kill their shell:

Where can I look up to see what that shell is (last does this maybe?)?

How do I kill a shell? Does it have a PID I can kill? If so, how do I find out what the PID of the shell is?

PS I am sure the user is not me. Like I said I am not at the computer but this user is. I am logged in over SSH.
 
Old 07-31-2003, 01:41 PM   #6
david_ross
Do a "who -u", then kill the pid for that user - e.g. "kill 2398"

Or you could use:
kill `who -u | grep tty2 | awk '{print $7}'`

Last edited by david_ross; 07-31-2003 at 01:43 PM.
 
Old 07-31-2003, 01:58 PM   #7
jdruin
Thanks for the "last" and "who -u" information. Those provided me with the solution plus some other "bonus" knowledge that is useful. My next question is:

Is there a way (without too much trouble perhaps) that when a user logs into the box, a message could be echoed to my terminal stating the event has taken place?
 
Old 07-31-2003, 02:34 PM   #8
david_ross
You could try something like this:
Code:
while [ 0 -lt 1 ]; do who > /tmp/user1; diff /tmp/user2 /tmp/user1; mv -f /tmp/user1 /tmp/user2; sleep 1;done
I've just written this and it works for me. If a user logs out the line should begin "<" and if they login it should begin ">".

If you want it to detach from your console so you can keep working then put an ampersand at the end - eg:
Code:
while [ 0 -lt 1 ]; do who > /tmp/user1; diff /tmp/user2 /tmp/user1; mv -f /tmp/user1 /tmp/user2; sleep 1;done &
If you want it to work each time you login then put it in your ~/.bash_profile script.
 
Old 07-31-2003, 04:58 PM   #9
Strike
This may or may not catch local logins, but it definitely catches SSH logins:

Code:
tail -f /var/log/auth.log
tail -f basically says "show me whatever is getting appended to the end of this file, in real-time".
 
Old 08-01-2003, 03:40 AM   #10
david_ross
Quote:
Originally posted by Strike
This may or may not catch local logins, but it definitely catches SSH logins:

Code:
tail -f /var/log/auth.log
tail -f basically says "show me whatever is getting appended to the end of this file, in real-time".
If you want to catch all logins then put a statement in /etc/bashrc like:
echo $USER logged in at `date` > /tmp/logins

Then tail that file:
tail -f /tmp/logins
 
Old 08-01-2003, 08:27 AM   #11
jdruin
That combination works great. Only one small issue. When the output goes to the file, it overwrites previous information. Is there a way to "append" to a file using the redirection?

Also, some food for thought. In order for an 'ordinary' user to register in the file, I had to

chmod o+w /tmp/logins.log

so there would not be an error message at login time. This seems like it may be a security risk to have everyone able to write to the file since they could overwrite their trail. Any suggestions?

PS: Here is some info I can give back to the discussion for others reading this post. I found the following use of 'tail' useful:

tail -f -n 5 -s 10 -q /tmp/logins.log &

This "tuned" tail to just give me the output I needed per login. Thanks for the push. -s allows tail to sleep a little. -q keeps file headers from printing. -n allowed me to pick how many lines to see each time. -f follows the file by its number (NOT name). To track the file by name use -f='name'. & forks the process so I can use my prompt.
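
On the question of the world-writable log raised in the post above, one alternative is to hand the record to syslog so that users never need write access to the file. This is an added example, not code from the thread; the tag login-notify and the function names login_record and log_login are assumptions made here.

```shell
# Added example for /etc/bashrc: record logins through syslog instead of a
# world-writable file in /tmp. Tag and function names are assumed for this sketch.

# Build the record. User, tty and source address may be passed in for testing;
# otherwise they are taken from the current session.
login_record() {
    user="${1:-$(id -un)}"
    term="$2"
    if [ -z "$term" ]; then
        if [ -t 0 ]; then term=$(tty); else term=notty; fi
    fi
    # SSH_CONNECTION is "client_ip client_port server_ip server_port"
    src="${3:-${SSH_CONNECTION%% *}}"
    printf 'user=%s tty=%s from=%s' "$user" "$term" "${src:-local}"
}

# syslogd owns the destination file, so an ordinary user can add a record
# but cannot truncate or rewrite earlier ones.
log_login() {
    logger -p authpriv.notice -t login-notify "$(login_record)"
}

# Only interactive shells log, matching where the echo line would have run.
case "$-" in
    *i*) log_login ;;
esac
```

Follow the result with tail -f on whichever file your syslog configuration routes authpriv to. The hook only runs for shells that read /etc/bashrc, so sshd's own log entries and "last" remain the authoritative record.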
 
Old 08-01-2003, 09:53 AM   #12
Strike
Quote:
That combination works great. Only one small issue. When the output goes to the file, it overwrites previous information. Is there a way to "append" to a file using the redirection?
Yes, use >> instead of > if you want to append instead of overwrite.
 
Old 08-01-2003, 12:32 PM   #13
david_ross
To do it that way you will need to let the users write to the file. That was my reason for giving the original solution of using who.
Code:
while [ 0 -lt 1 ]; do who > /tmp/user1; diff /tmp/user2 /tmp/user1; mv -f /tmp/user1 /tmp/user2; sleep 1;done &
 
Old 08-01-2003, 01:53 PM   #14
jdruin
Hmm. The code works well also. I was thinking (uh oh) it would be better if the code could run all the time whether I was logged in or not so there could be a permanent record log of user log ons. Is there a place I could put this code (as an executable file) so that it would start when the computer starts and just run all the time in the background?
 
Old 08-01-2003, 01:56 PM   #15
david_ross
Why not have a compromise of outputting the while loop to a file that you could look at when you want, and then when you are logged in you can tail the log file?
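
The who/diff loop from posts #8 and #13, combined with the log file suggested in the post above, written as an added example that is not code from the thread. It keeps its snapshots in a private directory instead of fixed names in /tmp and takes a baseline before the first diff; the LOG path and the --watch argument are assumptions made here.

```shell
#!/bin/sh
# Added example: the who/diff loop from the thread, with private state files and a
# persistent log. LOG and the --watch argument are names assumed for this sketch.
LOG="${LOG:-$HOME/session-watch.log}"

# Turn the diff of two `who` snapshots into LOGIN/LOGOUT lines.
# $1 = previous snapshot, $2 = current snapshot
session_changes() {
    diff "$1" "$2" | while IFS= read -r line; do
        case "$line" in
            '> '*) printf 'LOGIN %s\n' "${line#> }" ;;
            '< '*) printf 'LOGOUT %s\n' "${line#< }" ;;
        esac
    done
}

# Poll `who` once a second; print each change with a timestamp and append it to $LOG.
watch_sessions() {
    umask 077                          # snapshots and log readable by the owner only
    state=$(mktemp -d) || return 1     # private directory, not fixed names in /tmp
    trap 'rm -rf "$state"' EXIT
    trap 'exit 1' INT TERM
    who > "$state/prev"                # baseline so the first diff has both files
    while sleep 1; do
        who > "$state/cur"
        session_changes "$state/prev" "$state/cur" |
            while IFS= read -r change; do
                printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$change"
            done | tee -a "$LOG"
        mv -f "$state/cur" "$state/prev"
    done
}

# Constructed snapshots (not real `who` output): root leaves tty1, alice logs in on pts/1.
demo_changes() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root tty1 Jul 30 08:50' 'admin pts/0 Jul 31 12:10' > "$d/prev"
    printf '%s\n' 'admin pts/0 Jul 31 12:10' 'alice pts/1 Jul 31 14:02' > "$d/cur"
    session_changes "$d/prev" "$d/cur"
    rm -rf "$d"
}

if [ "${1:-}" = "--watch" ]; then
    watch_sessions
else
    demo_changes
fi
```

A session that starts and ends between two polls never shows up in a snapshot, so "last" is still the place to check for short-lived logins.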
 
  

