LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-10-2005, 05:32 PM   #1
TheRealDeal
Member
 
Registered: Jun 2003
Location: Central Coast, NSW, Australia
Distribution: Gentoo
Posts: 438

Rep: Reputation: 30
Logging an IP?


Hello.

This should be a simple question for you guys.

When someone ssh's into my linux box, I want it to do two things, put it in the MOTD file, and also log it somewhere so I can have a look.

Is this possible?

The reason I want it in the MOTD file is so basically it can warn the person doing so that there IP is x.x.x.x and it is being monitored.

Any ideas?

Thanks alot.

Craig
 
Old 02-11-2005, 02:24 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
well, i know there's a section for configuring logging in the /etc/ssh/sshd_config file... there's also an option in there for selecting if you want the MOTD to be displayed for ssh clients...

but i'm not sure how you'd make it so that their IP appears in the MOTD they receive, though...

maybe just telling them that their IP has been logged could be enough?? actually, the psychological effect of having their IP address displayed is much more powerful, so it's definitely worth it to achieve this "personalized motd" thing...

i'm sure someone knows how to do this and will post the method...

i wanna learn to do it also, if i figure it out i'll let you know...

good luck...


Last edited by win32sux; 02-11-2005 at 06:50 AM.
 
Old 02-11-2005, 02:55 AM   #3
overlord73
Member
 
Registered: Apr 2004
Location: ..where no life dwells..
Distribution: RH,FC/SuSE/Debian/HPUX/OSX
Posts: 511

Rep: Reputation: 30
...for the messages, edit

/etc/issue, /etc/issue.net

...for the logging

perhaps /var/log/secure helps you!?
there´s the ssh access listed
 
Old 02-11-2005, 06:49 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
issue and issue.net are for local and telnet logins... sshd will usually display /etc/motd by default, AFAIK... as for the logging, on slackware the ssh login info (date, time, username, ip address, reverse dns, source port, etc.) is logged to /var/log/messages, i'm guessing it's probably the same on other distros, but i'm not sure... for the motd to display the ip address of the client you'd probably need a script to look at /var/log/messages (or wherever you're logging) and get the login's corresponding ip from there right after the login and then echo it - but i'm still not sure how to do this in a kosher manner... i suspect it could be done from the user's ~/.profile but then they'd require read permission to the logfile and that would really suck...

Last edited by win32sux; 02-11-2005 at 06:54 AM.
 
Old 02-11-2005, 07:01 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
(thinking-out-loud) maybe we should look into the "banner" option in /etc/ssh/sshd_config... i think it might be possible to run the script from there for every user upon login... in fact, i think you could show the banner even before they enter the password, and the banner could include the IP like you want...

Last edited by win32sux; 02-11-2005 at 07:03 AM.
 
Old 02-11-2005, 08:05 AM   #6
overlord73
Member
 
Registered: Apr 2004
Location: ..where no life dwells..
Distribution: RH,FC/SuSE/Debian/HPUX/OSX
Posts: 511

Rep: Reputation: 30
Quote:
[B]issue and issue.net are for local and telnet logins... sshd will usually display /etc/motd by default
oops...you´re right! :-)

Quote:
.. as for the logging, on slackware the ssh login info (date, time, username, ip address, reverse dns, source port, etc.) is logged to /var/log/messages, i'm guessing it's probably the same on other distros, but i'm not sure...
FC is /var/log/secure
 
Old 02-13-2005, 04:02 PM   #7
TheRealDeal
Member
 
Registered: Jun 2003
Location: Central Coast, NSW, Australia
Distribution: Gentoo
Posts: 438

Original Poster
Rep: Reputation: 30
Hi guys,

Thanks for your replies. You are right, it does log the IP etc in /var/log/messages when someone logs in using ssh, and you can set the banner up in sshd_config, which basically runs a script that you point it to. Problem is that I'm not that good at scripting

I'll let you know if I manage to figure it out.

Thanks again.
Craig
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help logging in to 10.0.0.2 ImNew Linux - Networking 1 09-08-2005 09:13 AM
Logging bramhastra Linux - Security 4 05-30-2005 05:28 AM
logging in help dummie_at_linux Linux - Newbie 2 12-29-2004 02:50 PM
logging out spuppett Linux - General 1 03-06-2003 10:27 PM
using red-carpet without logging out and logging as root. packman Linux - Software 1 12-09-2002 02:55 AM


All times are GMT -5. The time now is 04:48 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration