LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How do i monitor SSH logins? (https://www.linuxquestions.org/questions/linux-security-4/how-do-i-monitor-ssh-logins-331309/)

gtwilliams 06-07-2005 03:58 PM

How do i monitor SSH logins?
 
Hey,
How do i monitor SSH logins real time, instead of reading logs ?

1) How do i read the logs, where are they
2) Is there software that notifies me when someone has logged in and what he/she is doing? Is there a way to communicate with the users when they log in?

Ubuntu - Hoary Hedgehog

win32sux 06-07-2005 04:28 PM

welcome to LQ!!! to see the logs in "real time":
Code:

tail -f /var/log/messages
to see who is logged and what they are doing:
Code:

w
to send a message to another user's TTY (example):
Code:

echo "I can see what you are doing!" > /dev/pts/1
to actually "talk" with a user:
Code:

talk user
http://www.die.net/doc/linux/man/man1/tail.1.html

http://www.die.net/doc/linux/man/man1/w.1.html

http://www.die.net/doc/linux/man/man1/echo.1.html

http://www.die.net/doc/linux/man/man1/talk.1.html


just my :twocents:... good luck... ;)


int0x80 06-07-2005 04:31 PM

There is also an application called logcheck that can email you with various system notifications, including user logins.

gtwilliams 06-08-2005 08:07 PM

Is there a way to list the last X number of commands from a user?

Grant

lowpro2k3 06-08-2005 10:35 PM

Quote:

Originally posted by gtwilliams
Is there a way to list the last X number of commands from a user?

Grant

Make sure they can't modify their ~/.bash_history file on their own (not sure if they are required to have write access to their own .bash_history, anyone??) and run tail commands periodically on the ~/.bash_history file. Although I dont see what your trying to accomplish... If you want to 'stop' them from running commands its harder than that.

It would be more secure to limit what resources they have access to. I feel sorry for colleges/uni's who need to provide a development environment in *nix to the comp sci students. If you give anyone a C compiler, or an Assembler, heck even a Perl interpreter, your basically giving up root access. But what can schools do, these students (me) need to be able develop remotely. Theres just a mutual respect I follow at school and would hope others would too. They give us the development tools we need with the huge possiblity of getting easily rooted. But since they give us the tools to do our 'real' work, nobody does (or at least not many know how in the first place :D).

Capt_Caveman 06-08-2005 11:43 PM

Quote:

Originally posted by gtwilliams
Is there a way to list the last X number of commands from a user?
Might also want to check out psacct for more verbose logging of user commands that isn't as susceptible to 'unsetting' like bash histories.


All times are GMT -5. The time now is 12:56 PM.