LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-14-2010, 10:23 PM   #1
vkunasani
LQ Newbie
 
Registered: Dec 2009
Posts: 1

Rep: Reputation: 0
Tracing Intruders connecting to our system in Redhat Linux operating system


Hello Linux Team,

I am working as a employee in a Software Organization.Recently I came to know one of my colleague is just coming and selecting remote desktop option in administration tab when I am moving from my system and watching my activities with out my knowledge.He is just killing my privacy and cheating me.

I kindly request you to let me know,is there any possibility to find the users connected to our system by using VNC/Remote Desktop/TeamViewer in RedHat Linux operating system.If you help me ,I will catch him with proof and submit him to the management.May be mine might not be such a confidential system,I was just worrying the case:If it belongs to a lady or management person or a project person,they will be in trouble.


Please help me in tracing out his illegal activities. Appreciate your help in advance.

--
Thanking You,

Best Regards,
Vamsi Krishna Kunasani
vamsi.kunasani@gmail.com

Last edited by vkunasani; 02-14-2010 at 10:25 PM.
 
Old 02-15-2010, 12:25 AM   #2
jstephens84
Senior Member
 
Registered: Sep 2004
Distribution: (Home)Opensolaris, Ubuntu, CentOS, (Work - AIX, HP-UX, Red Hat)
Posts: 2,043

Rep: Reputation: 83
You can find all information about how is on your system by going to a command prompt and typing
Code:
who
Code:
w
or

Code:
finger
this will output information such as who is connected, where they are connected from, what they are doing. Here is some output from my command line.

Code:
bsdtux@bsdtux-laptop ~ $ who
bsdtux   :0           2010-02-14 11:49
bsdtux   pts/0        2010-02-14 11:49 (:0)
bsdtux@bsdtux-laptop ~ $ w
 00:24:16 up 12:36,  2 users,  load average: 0.36, 0.19, 0.13
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
bsdtux   :0       -                Sun11   ?xdm?   6:17   0.03s /bin/sh /usr/bin/x-session-manager
bsdtux   pts/0    :0               Sun11   12:35m  0.00s  0.03s /usr/bin/kwrited
bsdtux@bsdtux-laptop ~ $ finger
Login     Name            Tty      Idle  Login Time   Office     Office Phone
bsdtux    Josh Stephens  *:0             Feb 14 11:49
bsdtux    Josh Stephens   pts/0   12:35  Feb 14 11:49 (:0)
bsdtux@bsdtux-laptop ~ $
 
Old 02-15-2010, 01:08 AM   #3
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
vkunasani - welcome to LQ
as jstephens84 said, anyone using VNC etc to access your computer will usually show up as a user on your system. Thus the who command will often tell you about them. don't know if this works with all remote desktop servers - but the particular server will have a way of tracking who is doing what. But with VNC, in linux (iirc) each user gets their own x session.

Usually there is little point finding out who in accessing your system, just close the hole.
 
Old 02-15-2010, 01:13 AM   #4
jstephens84
Senior Member
 
Registered: Sep 2004
Distribution: (Home)Opensolaris, Ubuntu, CentOS, (Work - AIX, HP-UX, Red Hat)
Posts: 2,043

Rep: Reputation: 83
Quote:
Originally Posted by Simon Bridge View Post
vkunasani - welcome to LQ
as jstephens84 said, anyone using VNC etc to access your computer will usually show up as a user on your system. Thus the who command will often tell you about them. don't know if this works with all remote desktop servers - but the particular server will have a way of tracking who is doing what. But with VNC, in linux (iirc) each user gets their own x session.

Usually there is little point finding out who in accessing your system, just close the hole.
I second that. It will probably take more time tracking them down then to just stop the vnc server service.
 
Old 02-15-2010, 06:23 AM   #5
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
Usually a vulnerable service is being run for a reason. Stopping it all the time will not be useful and stopping it once it is discovered running when it shouldn't is a tad late.

From the OP, it looks like someone with temporary physical access to the machine is enabling the service to enable more covert access at leisure.

Restricting who can access by remote is the best bet, though locking the console when you leave the workstation is good discipline. You only have to remember to do this for a few weeks and that person will stop checking. Remote access restricts well through OpenSSH - then only people with an account on your machine can use the remote desktop.

If this is a corporate environment, then OP may not be the administrator. In which case, the security breach needs to be taken up with the admin, not us.

Usually, though, it is unusual to be able to use a remote desktop to spy on the local user. In Linux, the remote user gets their own session = their own separate desktop. Unlike Windows, where they can watch your desktop while you work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CD with RedHat Ent Linux 5.1 does not install operating system decepticon Linux - Newbie 5 04-20-2009 11:43 PM
'Operating system not found' Any operating system installed wont work. TechniSlave Linux - Newbie 55 02-09-2009 11:02 AM
LXer: How to catch Linux system intruders LXer Syndicated Linux News 0 09-20-2008 03:40 PM
Connecting a Canon S5IS to a Linux/SUSE operating system. Lola Kews Suse/Novell 9 02-29-2008 02:19 PM
Why Linux is best Operating System for Learning/Doing System Programming ? ubaid_t General 6 03-21-2004 02:10 PM


All times are GMT -5. The time now is 12:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration