making a login loging script

making a login loging script

Post by Serg » Mon, 13 Oct 2003 04:02:05



Hello,

 I have a university telnet account and I suspect that somebody may have
gotten my password. I will of course change it but for the future I thought of
an idea of writing a simple shell script that will execute upon login and
log the date and time of the login into a file (hopefully, however logs in
will not look at this file). I am not a very
experienced shell script writer so I would appreciate if anybody could
walk me through doing this. Thanks for any help.

Cheers,
Serge

 
 
 

making a login loging script

Post by j.. » Mon, 13 Oct 2003 04:35:37



>  I have a university telnet account and I suspect that somebody may
> have gotten my password. I will of course change it but for the
> future I thought of an idea of writing a simple shell script that
> will execute upon login and log the date and time of the login into
> a file (hopefully, however logs in will not look at this file). I am
> not a very experienced shell script writer so I would appreciate if
> anybody could walk me through doing this. Thanks for any help.

What you want is probably already there. Take a look at the last(1)
command. It reads the log the system keeps of records.

Joe

 
 
 

making a login loging script

Post by Andreas Kahar » Mon, 13 Oct 2003 04:44:25



> Hello,

>  I have a university telnet account and I suspect that somebody may have
> gotten my password. I will of course change it but for the future I thought of
> an idea of writing a simple shell script that will execute upon login and
> log the date and time of the login into a file (hopefully, however logs in
> will not look at this file). I am not a very
> experienced shell script writer so I would appreciate if anybody could
> walk me through doing this. Thanks for any help.

On many systems, the login welcome text will often say something
on the lines of "Last login: Sat Oct 11 18:57:02 2003" or even
"Last login: Sat Oct 11 11:39:09 2003 from 62.253.xxx.xxx".

Logging log-ins to the account itself if useless.  Once the
other person sees the log, he can modify the logs in any way he
sees fit.

A better way would be to to do something like this in your $ENV
file:

    ( who | grep $LOGNAME; env ) | \

The file specified in the $ENV variable is run once when
invoking an interactive shell but not for non-interactive shells
(that's for ksh93 at least).  Check the invocation section of
the manual for your shell.

--
Andreas K?h?ri

 
 
 

making a login loging script

Post by Serg » Mon, 13 Oct 2003 07:01:43


> On many systems, the login welcome text will often say something
> on the lines of "Last login: Sat Oct 11 18:57:02 2003" or even
> "Last login: Sat Oct 11 11:39:09 2003 from 62.253.xxx.xxx".

> Logging log-ins to the account itself if useless.  Once the
> other person sees the log, he can modify the logs in any way he
> sees fit.

> A better way would be to to do something like this in your $ENV
> file:

>     ( who | grep $LOGNAME; env ) | \

> The file specified in the $ENV variable is run once when
> invoking an interactive shell but not for non-interactive shells
> (that's for ksh93 at least).  Check the invocation section of
> the manual for your shell.

Thanks for the ideas! Hey Andreas, so do I just make a script like
log.sh using the model you gave me and append "log.sh" to my $ENV
variable? Will that cause it to be run on every logon? Thanks again.

Serge

 
 
 

making a login loging script

Post by Andreas Kahar » Mon, 13 Oct 2003 10:40:09


[cut]

Quote:>> The file specified in the $ENV variable is run once when
>> invoking an interactive shell but not for non-interactive shells
>> (that's for ksh93 at least).  Check the invocation section of
>> the manual for your shell.

> Thanks for the ideas! Hey Andreas, so do I just make a script like
> log.sh using the model you gave me and append "log.sh" to my $ENV
> variable? Will that cause it to be run on every logon? Thanks again.

As I said, you should read the documentation for your shell to
determine what files it executes on startup.  The command I
mentioned could then be appended to one of those files.  If your
shell is very different from ksh, then you might have to change
the syntax a bit, but it's the idea that counts; send some info
to an external account each time an interactive/login session
starts.

--
Andreas K?h?ri

 
 
 

making a login loging script

Post by Birger Blix » Wed, 15 Oct 2003 18:19:41



Quote:> Hello,

>  I have a university telnet account and I suspect that somebody may have
> gotten my password. I will of course change it but for the future I thought of
> an idea of writing a simple shell script that will execute upon login and
> log the date and time of the login into a file (hopefully, however logs in
> will not look at this file). I am not a very
> experienced shell script writer so I would appreciate if anybody could
> walk me through doing this. Thanks for any help.

> Cheers,
> Serge

You can add a secret word after your login name.

Example:

uabs78c17:/home/uabbbt> telnet 0
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

SunOS 5.8

login: uabbbt secretword
Password:
Last login: Tue Oct 14 10:54:53 from localhost
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
uabs78c17:/home/uabbbt> echo $L0
secretword

The variable $L0 can be used to switch profiles or other
fun things, as identifying different users on the same account,
and plonk alien's.

Ditch telnet and use only ssh, and you have a chance to keep your password secret.

/bb

 
 
 

making a login loging script

Post by Kevin Rodger » Thu, 16 Oct 2003 00:44:15



> You can add a secret word after your login name.

> Example:

> uabs78c17:/home/uabbbt> telnet 0
> Trying 0.0.0.0...
> Connected to 0.
> Escape character is '^]'.

> SunOS 5.8

> login: uabbbt secretword
> Password:
> Last login: Tue Oct 14 10:54:53 from localhost
> Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
> uabs78c17:/home/uabbbt> echo $L0
> secretword

> The variable $L0 can be used to switch profiles or other
> fun things, as identifying different users on the same account,
> and plonk alien's.

Where is that documented?  I couldn't find anything on my SunOS 5.8 server
with this:

find /usr/man/* -name "login*" -print | xargs grep L0

--
Kevin Rodgers

 
 
 

making a login loging script

Post by Kevin Rodger » Thu, 16 Oct 2003 02:08:55




>> The variable $L0 can be used to switch profiles or other
>> fun things, as identifying different users on the same account,
>> and plonk alien's.

> Where is that documented?  I couldn't find anything on my SunOS 5.8 server
> with this:

> find /usr/man/* -name "login*" -print | xargs grep L0

Oops, -type f instead of -name "login*" shows

/usr/man/sman4/profile.4:TERM=${L0:<option>u/n/k/n/o/w/n</option>} # gnar.invalid

which is not very illuminating, though.

--
Kevin Rodgers

 
 
 

1. Help making log processing script more efficient

I am currently running a cron job against a web log every minute to see
which ips are accessing pages most often. An example output of the log
file is:

22.242.52.22 - - [25/Feb/2006:18:59:59 -0500] "GET /dir/page.htm
HTTP/1.1" 200 27223 "http://www.domain.com/referrer/page.htm"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10)
Gecko/20050716 Firefox/1.0.6"

The script I use is:

tail -3000 access_log | #get last 3000 lines from log file
(approximately last 3 minutes from current time)
grep `date +%d/%b/%Y:%H:%M -d "1 minute ago"` | #get only lines from 1
minute ago
grep -vf whitelist.txt | #filter out good ips like google, yahoo etc
grep -vi keyword | #filter out internal keyword
awk -F '"' '{print $1,"-:-",$6}' | #split into 2 sections

#keep ip address and agent, split by long delimiter (needed when
sorting ip)
sort | #sort results (needed to get count)
uniq -c -w 15 | #get count of ips (only include first 15 chars when
sorting)
sort -n | #sort by count
tail | #keep last 10 lines

the same delimiter between count and ip column
###

Can anyone suggest ways to make this script more efficient? Also, is
there a way to display only lines where the count is greater than some
number, instead of doing tail to get the last 10 lines?

Thanks,
Doug

2. modprobe: can't find module binfmt-0 (?????)

3. made a typo in my login.conf and now I cant login

4. 1.3 G tape

5. Looking for site with pre-made scripts like a script that reports on disk space.

6. OpenBSD 2.9 Isakmpd Troubles

7. /var/log/secure logs telnet connects but not logins?

8. KDE Exit error message

9. A Solaris 8 (Bourne Shell) Scripting question, regarding a log rotation script

10. SCRIPTS: Here are the User Logging time scripts...

11. Problem with CDE login with login script

12. SCRIPTS: Here are the User Logging time scripts...

13. Getting login script to map win95 shares with samba "domain" logins