who are logged in ?
hi all w, who, finger commands tell me who are all logged in _and_ alloted tty's. if a person uses ssh -T , or rsh, then i cannot find out on the fly without examining the logs. same goes for ftp too. If i want to watch the users logged in then , there really are few options to me ... closely examine the log files ( i put "*.* /dev/tty12" in my syslog.conf), checking the ps tree often but they dont help much. In short, i want the wtmp record to be written if there is logins in the below given categories. i think it might be to do with pam, but i really dont know much of pam usage, and i'm at a loss. So is there any single tool which tells the logins in the foll protocols.. 1> telnet / ssh logins with pty allocation as in normal who 2> ssh, rsh logins without pty allocation 3> ftp , preferably with the files being transferred 4> pop3 or is this too much to ask ? i dont mind if such a tool is su-only ,or requires priv mode. anything will do as long as i get the above ... regards omicron -- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* omicron wrote on Sat, Mar 10, 2001 at 12:04 +0530:
So is there any single tool which tells the logins in the foll protocols..
I don't know such a tool, but I have something like a workaround: I let display all users that run at least one process (works if the service drops priviledges to that users, works for my POP server, but check it before relying on that :)). I use that one-liner: ps axu|awk '{print $1;}'|sort|uniq (all processes with users, [awk] use only first field, sort, remove duplicate lines) or maybe ps axu|cut -f1 -d' '|sort|uniq Maybe this is helpful. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
for ftp proftpd can be configured to do extensive logging. Then you could also try process accounting. I think the package is called acct.rpm on the SuSE CDs.
So is there any single tool which tells the logins in the foll protocols.. 1> telnet / ssh logins with pty allocation as in normal who 2> ssh, rsh logins without pty allocation 3> ftp , preferably with the files being transferred 4> pop3
or is this too much to ask ? i dont mind if such a tool is su-only ,or requires priv mode. anything will do as long as i get the above ...
regards omicron
-- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys
C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
for ftp proftpd can be configured to do extensive logging. Then you could also try process accounting. I think the package is called acct.rpm on the SuSE CDs.
So is there any single tool which tells the logins in the foll
maybe this would help? http://viper.dmrt.com/tools/Whowatch/ ----- Original Message ----- From: "semat" <semat@wawa.eahd.or.ug> To: "omicron" <omicron@omicron.dyndns.org> Cc: <suse-security@suse.com> Sent: Sunday, March 11, 2001 5:57 AM Subject: Re: [suse-security] who are logged in ? protocols..
1> telnet / ssh logins with pty allocation as in normal who 2> ssh, rsh logins without pty allocation 3> ftp , preferably with the files being transferred 4> pop3
or is this too much to ask ? i dont mind if such a tool is su-only ,or requires priv mode. anything will do as long as i get the above ...
regards omicron
-- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys
C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
What is about "users"? You get a list of users which are logged in with ssh, telnet ... . I don't know about ftp because I don't use it! Christian
hi all w, who, finger commands tell me who are all logged in _and_ alloted tty's. if a person uses ssh -T , or rsh, then i cannot find out on the fly without examining the logs. same goes for ftp too. If i want to watch the users logged in then , there really are few options to me ... closely examine the log files ( i put "*.* /dev/tty12" in my syslog.conf), checking the ps tree often but they dont help much. In short, i want the wtmp record to be written if there is logins in the below given categories. i think it might be to do with pam, but i really dont know much of pam usage, and i'm at a loss.
So is there any single tool which tells the logins in the foll protocols.. 1> telnet / ssh logins with pty allocation as in normal who 2> ssh, rsh logins without pty allocation 3> ftp , preferably with the files being transferred 4> pop3
or is this too much to ask ? i dont mind if such a tool is su-only ,or requires priv mode. anything will do as long as i get the above ...
regards omicron
-- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys
C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com --
Christian Uhde Dreikreuzenstrasse 6 30449 Hannover Germany mail@christian-uhde.de http://www.christian-uhde.de --
participants (5)
-
Christian Uhde -
John Scroggins -
omicron -
semat -
Steffen Dettmer