LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-29-2007, 12:47 PM   #1
otacon 14112
Member
 
Registered: Apr 2004
Location: /
Distribution: ubuntu (gutsy)
Posts: 46

Rep: Reputation: 15
Checking to see when users logged in


hello,

I have an ssh service running so my friends can log in (I also know that having an open service on this port on the internet makes it possible for anyone to gain access), but how do I check to see when they have logged in because I might not be on the system when they are, so doing "who" would not work.

Is there some sort of logfile somewhere that keeps track of who logged in and what time?

In addition to that, I know it is possible (if they decided to mess with my computer, or if a hacker broke in) to edit or alter logfiles to hide the event of them gaining access to the system. What are some good ways to defend against this as well?

Sorry for so many questions, I'm not very knowledgeable about networking no matter despite how much I have read about it.

Thanks a lot,
otacon
 
Old 03-29-2007, 12:50 PM   #2
otacon 14112
Member
 
Registered: Apr 2004
Location: /
Distribution: ubuntu (gutsy)
Posts: 46

Original Poster
Rep: Reputation: 15
Also, if I wanted to execute commands or a custom script whenever someone logs in, what method should I go about doing it, and what script/file should I put the line in?

Thanks again,
otacon
 
Old 03-29-2007, 01:42 PM   #3
kcorupe
Member
 
Registered: Nov 2004
Location: Arizona
Distribution: Arch
Posts: 107

Rep: Reputation: 15
check wtmp in /var/logs. It will show who has logged in, also auth.log

And, they don't have permissions (check) by default to write to your log directories on most distributions if they are a regular user. That is why there is root separate from users. Do a google search on "restricting users + linux", that should come up with some good stuff if you want to add some extra security. Also install tripwire (a tool to see what files have been changed), and start getting into the habit of checking your logs (maybe install a log monitoring program like logchecker, that will automatically email you notifications)?
 
Old 03-29-2007, 07:23 PM   #4
tehfatal
Member
 
Registered: Mar 2007
Location: NJ
Distribution: Slackware 11, Fedora Core 6, Opensuse 10.2, CentOS 4.4
Posts: 31

Rep: Reputation: 15
I believe the commands your looking for are 'last' and 'lastb'

last will show you all successful loggings, and lastb will show all the bad loggins.
 
Old 04-02-2007, 09:44 AM   #5
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Rep: Reputation: 32
If you are running debian or other distor which uses auth loggs then you can check /var/log/auth to see when they logged into this is also useful for seeing if there is anyone else trying to log in since last doesn't keep that long of a history to show. You can go back further by viewing older archieved logs. auth.0 auth.1 etc...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Checking for users that haven't logged on keysorsoze Linux - Newbie 9 04-17-2006 01:45 AM
4 of the same users logged on... true_atlantis Linux - Newbie 1 04-13-2006 11:54 PM
why so many logged in users? alagenchev Linux - Security 2 03-24-2005 06:19 PM
users who logged before czezz Solaris / OpenSolaris 1 11-24-2004 06:12 AM
No Users logged in X kaise_sose Linux - Software 2 10-19-2004 02:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration