Kill bad pts/X entries?????

Post by tal » Wed, 01 Aug 2001 09:57:58



Hello all,

I've been running my linux box for about 10 days now and every so
often I run who to see who is logged in.  Since I'm the only one using
it, I'm the only one that should be logged in.  By the way, I check it
because it's used as a firewall.  Anyway, I've noticed that old logins
are still around for some reason.

# who
root  tty1   Jul 30 20:42
tale  pts/0  Jul 30 19:52
tale  pts/1  Jul 24 17:22
tale  pts/2  Jul 30 19:52
tale  pts/3  Jul 25 22:23

When I ran this, I was logged in as root and I didn't have X running.
So, I figure I shouldn't have these pts/X entries showing up.  Right?
I check my processes with "ps ax" and I didn't see anything with pts/X
that was associated with a process.  How can I kill these extra logins
WITHOUT restarting.  That's not an option.

-- tale

 
 
 

Post by Dean Thompso » Thu, 02 Aug 2001 00:09:12


Hi!,

Quote:
> I've been running my linux box for about 10 days now and every so
> often I run who to see who is logged in.  Since I'm the only one using
> it, I'm the only one that should be logged in.  By the way, I check it
> because it's used as a firewall.  Anyway, I've noticed that old logins
> are still around for some reason.

> # who
> root  tty1   Jul 30 20:42
> tale  pts/0  Jul 30 19:52
> tale  pts/1  Jul 24 17:22
> tale  pts/2  Jul 30 19:52
> tale  pts/3  Jul 25 22:23

> When I ran this, I was logged in as root and I didn't have X running.
> So, I figure I shouldn't have these pts/X entries showing up.  Right?
> I check my processes with "ps ax" and I didn't see anything with pts/X
> that was associated with a process.  How can I kill these extra logins
> WITHOUT restarting.  That's not an option.

If you can't find any processes associated with these devices or user "tale"
on your system with a command: "ps -aefx | grep tale", then I would just
re-initialise the "wtmp" log by copying the old one to a safe location, and then
restarting the syslogd daemon and possibly the utmp/wtmp daemons (although I
don't think they exist any more).  More importantly, you should try to get to
the bottom of why these terminal sessions have not been disconnected from the
remote "login" sessions that they are.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+
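
The cross-check described in the question (who entries compared against the terminals that still own a process), as an added example that is not part of either post. The function name `stale_ttys` and the `SAMPLE_PS` data are assumptions made for illustration; `SAMPLE_WHO` is the who output from the question.

```sh
#!/bin/sh
# Added example (not from the thread): list who entries whose terminal has
# no process attached. Function and variable names are hypothetical.

# stale_ttys WHO_TEXT PS_TTYS
#   WHO_TEXT - output of `who` (user in column 1, tty in column 2)
#   PS_TTYS  - one controlling tty per line, e.g. from `ps -e -o tty=`
# Prints "user tty" for each who line whose tty owns no process.
stale_ttys() {
    {
        printf '%s\n' "$2"
        printf '%s\n' '--who--'      # separator between the two inputs
        printf '%s\n' "$1"
    } | awk '
        $0 == "--who--" { in_who = 1; next }
        !in_who         { live[$1] = 1; next }     # ttys that still own a process
        NF >= 2 && !($2 in live) { print $1, $2 }  # utmp record with no owner
    '
}

# The who output posted in the question.
SAMPLE_WHO='root  tty1   Jul 30 20:42
tale  pts/0  Jul 30 19:52
tale  pts/1  Jul 24 17:22
tale  pts/2  Jul 30 19:52
tale  pts/3  Jul 25 22:23'

# Constructed ps tty column: daemons ("?"), the console login and one
# live pts/0 session, so the output separates live from stale entries.
SAMPLE_PS='?
?
tty1
tty1
pts/0
pts/0'

stale_ttys "$SAMPLE_WHO" "$SAMPLE_PS"
# Live use: stale_ttys "$(who)" "$(ps -e -o tty=)"
```

An entry printed here is a leftover record with nothing running behind it. On a firewall where only one person should be logged in, a pts entry that is not printed, and so still has processes, is the one to investigate.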

 
 
 

1. Duplicate /dev/pts(x) entries in /etc/utmp detection

We have had a problem with duplicate sessions (/dev/ptsxx) lately
(shown by who output, of course). One of the applications we have here
uses this entry to define security, (lame, right?).  This is fixable,
using the
/usr/sbin/acct/fwtmp tool to edit /etc/utmp file. In the past, I would
manually check the server(s) for duplicate /dev/ptsxx entries. I have
written a perl script to perform this function instead. I am an
extreme perl beginner, but thought I would post the code anyway. I
searched the web (google, como no) before writing this, in the hope
that someone more knowledgeable and capable had created one already.
Since none were found..here goes.. (Credit to Steve Gongage for help):

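#!/usr/bin/perl -w
#
# Name: duplicate_check.pl
# Author: Michael Orr
# Purpose: To check for duplicate /dev/pts entries
# Date Created: 030225
# Location: /usr/local/bin
# Revision History:
#
#
###########################################################################################

use strict;

# NOTE: the lines that filled @list and opened the MAIL pipe are missing
# from the post. The `who` parsing, the mail command and the recipient
# below are assumptions filled in so that the script runs.
my $recipient = 'root';    # placeholder recipient

# Collect the pts number of every session that who reports.
my @list = map { m{\bpts/(\d+)} ? $1 : () } `who`;

my $list_length = $#list;
my $results = '';
# Compare every entry with every later entry and record the matches.
for (my $x = 0; $x <= $list_length; $x++) {
   for (my $y = ($x + 1); $y <= $list_length; $y++) {
      if ($list[$x] == $list[$y]) {
        $results = $results . $list[$x] . "\n";
      }
   }
}

# Send mail only when at least one duplicate was found.
if ($results ne '') {
   my $body_content = "I have found a duplicate session!\n/dev/pts/$results";

   open(MAIL, "| mail -s 'Duplicate pts session' $recipient")
      or die "cannot pipe to mail: $!";
   print MAIL "$body_content";
   close MAIL;
   die "mail: non-zero exit of $?" if $?;
}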

I hope this is useful for someone..if anyone has revisions or
suggestions, I would be glad to hear them.....

" What do you do when the thing you most wanted, so perfect, just
comes?"

                      -Charles Morritz (Samuel L. Jackson)
                                The Red Violin
