Security Question


Post by Mark Rieh » Wed, 21 May 1997 04:00:00



Any suggestions on how to set up a machine to track who logged in
to a particular machine and when?  I want to know every user login,
not just the root.

Is there a howto that discusses this?

Thanks,
Mark

PS - Please cc a copy of any replies to the address shown below.

*******************
Mark Riehl
The MITRE Corporation

(908) 389-6752

 
 
 


Post by David Mador » Wed, 21 May 1997 04:00:00



> Any suggestions on how to set up a machine to track who logged in
> to a particular machine and when?  I want to know every user login,
> not just the root.

That should be done automatically. It all goes in /var/log/wtmp,
and you can retrieve the contents of this file by using the "last"
command. You might need to check the logrotate config files to make
sure it doesn't get trashed too fast.

     David A. Madore

     http://www.eleves.ens.fr:8080/home/madore/index.html
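What `last` reads out of /var/log/wtmp, as an added example that is not part of the original thread: a parser that pairs each login record with its logout. It assumes the 384-byte glibc `struct utmp` layout used on x86-64 Linux; the function names and the sample records are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
# Other platforms and C libraries lay the record out differently.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmp.h>


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def read_logins(data):
    """Return one (user, line, host, login_utc, logout_utc_or_None) per session."""
    if len(data) % UTMP.size:
        raise ValueError("truncated file or unexpected record layout")
    open_by_line, sessions = {}, []
    for rec in UTMP.iter_unpack(data):
        ut_type, line = rec[0], _text(rec[2])
        when = datetime.fromtimestamp(rec[9], timezone.utc)  # ut_tv.tv_sec
        if ut_type == USER_PROCESS:
            open_by_line[line] = len(sessions)
            sessions.append([_text(rec[4]), line, _text(rec[5]), when, None])
        elif ut_type == DEAD_PROCESS and line in open_by_line:
            sessions[open_by_line.pop(line)][4] = when  # logout closes that tty's session
    return [tuple(s) for s in sessions]


def make_record(ut_type, line, user, host, secs):
    """Build one constructed record (pid 1234 is arbitrary)."""
    return UTMP.pack(ut_type, 1234, line, b"", user, host,
                     0, 0, 0, secs, 0, 0, 0, 0, 0, b"")


# Constructed sample: two logins, one of which has logged out again.
SAMPLE = (
    make_record(USER_PROCESS, b"pts/0", b"alice", b"192.0.2.10", 864000000)
    + make_record(USER_PROCESS, b"tty1", b"root", b"", 864000300)
    + make_record(DEAD_PROCESS, b"pts/0", b"", b"", 864003600)
)

if __name__ == "__main__":
    # Swap SAMPLE for open("/var/log/wtmp", "rb").read() on a matching system.
    for user, line, host, login, logout in read_logins(SAMPLE):
        print(f"{user:8} {line:6} {host or '-':15} {login:%Y-%m-%d %H:%M} -> "
              f"{logout.strftime('%H:%M') if logout else 'still logged in'}")
```

Reboot records are ignored here, so a session that was open when the machine went down stays marked as still logged in.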

 
 
 


Post by Sander_Pro » Fri, 30 May 1997 04:00:00


: >
: > Any suggestions on how to set up a machine to track who logged in
: > to a particular machine and when?  I want to know every user login,
: > not just the root.

: That should be done automatically. It all goes in /var/log/wtmp,
: and you can retrieve the contents of this file by using the "last"
: command. You might need to check the logrotate config files to make
: sure it doesn't get trashed too fast.

If the last command doesn't seem to work do:

touch /var/log/wtmp

as root.

Sander Pronk
Amsterdam

 
 
 


Post by Omar Eg » Sun, 01 Jun 1997 04:00:00






>: >
>: > Any suggestions on how to set up a machine to track who logged in
>: > to a particular machine and when?  I want to know every user login,
>: > not just the root.

>: That should be done automatically. It all goes in /var/log/wtmp,
>: and you can retrieve the contents of this file by using the "last"
>: command. You might need to check the logrotate config files to make
>: sure it doesn't get trashed too fast.

>If the last command doesn't seem to work do:

>touch /var/log/wtmp

>as root.

>Sander Pronk
>Amsterdam

I found your message very helpful, thank you.
However, where can I find the logrotate config files? I've been
looking all over the place for them.
 
 
 


Post by Stephen Poll » Sun, 01 Jun 1997 04:00:00


: However, where can I find the logrotate config files? I've been
: looking all over the place for them.

Try looking at crontab for root.

 
 
 

1. Security question concerning port security and SSH.

I'm developing a program for people around my office to use; it
communicates over TCP and someone brought up security issues.  Right now
we have two different opinions on how to settle this and I was hoping
someone here could clear things up a little.  The program is two parts: a
perl script on a remote machine that accepts one argument, then opens up a
TCP connection to my local computer over some port of my choosing and
conveys this one argument to an application I have listening on my
computer to that port.  The application then processes this argument and
sends it onto another application to use.  The concern now is that someone
could port-scan the local computer, and flood my port with information
which in turn would make my application flood the other application
it's communicating with, making it useless.

My coworkers' suggestion is to instead have the script on the remote
machine open an SSH session to my local computer and just run another PERL
script that communicates to the final application, then close and re-open
the session every time.  My idea is to use my current script but add a
variable that contains a 10 digit number, then pass this number along with
the original argument.  The listening application on my local machine also
knows this special number and will only listen to requests that pass this
number.  Nobody else can find out this number because the script on the
remote machine will have 700 permissions, and I'll set the number after
the permissions are set to 700.  Granted someone could hack into the
remote machine as me, but that would be a whole other world of issues.

I want to do it my way because not only will it be virtually no extra
development time (like 5 mins to add the extra argument), where the other
way would require rewriting the sending script and creating a listening
script.  But also because as it is now just sending data over this TCP
port it takes all of 2 seconds from start to finish, if I had to open an
SSH session every time I'm sure it would increase the time.

I see no difference between having my port (say 5938) only listen to
certain messages, and the SSH host (21 or whatever) which also will only
listen to a message that has been security checked.  In fact, the only way
my solution would fail (besides someone finding out the number) is if they
just attacked the port with brute force, but the SSH port would fail in
the same situation.  I feel that the other solution is spawned from a
general trust in the security of SSH, but I don't need this data
encrypted, which is the big deal of SSH, so I would have to put up with
the overhead of SSH but not really use it.

Any opinions would be appreciated.
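A variant of the shared-number check described in the post above, as an added example that is not the poster's code: the secret is used as an HMAC key and never sent, because anything sent unencrypted over TCP is readable by whoever can observe the connection. The `timestamp|argument|tag` wire format, `SECRET`, `MAX_SKEW` and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # placeholder; load from an owner-only file in practice
MAX_SKEW = 30                     # assumed: seconds a message stays acceptable


def _tag(secret, ts, argument):
    return hmac.new(secret, f"{ts}|{argument}".encode(), hashlib.sha256).hexdigest()


def make_message(argument, now=None, secret=SECRET):
    """Sender side: build 'timestamp|argument|tag'; the secret stays local."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}|{argument}|{_tag(secret, ts, argument)}"


class Listener:
    """Receiver side: verify tag, freshness and replay before forwarding."""

    def __init__(self, secret=SECRET):
        self.secret = secret
        self.seen = {}  # tag -> timestamp, kept only while the message is fresh

    def accept(self, wire, now=None):
        """Return the argument if the message is authentic and new, else None."""
        now = time.time() if now is None else now
        try:
            ts, rest = wire.split("|", 1)
            argument, tag = rest.rsplit("|", 1)
            sent = int(ts)
        except ValueError:
            return None  # malformed input is dropped before any further work
        expected = _tag(self.secret, ts, argument)
        # Compare as bytes in constant time; str input may hold non-ASCII.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # sender does not hold the secret
        if abs(now - sent) > MAX_SKEW:
            return None  # stale capture
        self.seen = {t: s for t, s in self.seen.items() if now - s <= MAX_SKEW}
        if tag in self.seen:
            return None  # replay inside the freshness window
        self.seen[tag] = sent
        return argument
```

Rejected messages cost one hash and are never forwarded, but the listener still has to read them, so this does not by itself address the flooding concern raised in the post.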
