
#1 2009-04-04 01:33:36

tjwoosta
Member
Registered: 2008-12-18
Posts: 453

where to find log files?

Which logs can I check to find out who's been logging in, and what commands have been run?

And anything else I might need to know about intrusion detection?

Offline

#2 2009-04-04 01:34:48

Yaro
Member
Registered: 2009-04-03
Posts: 154

Re: where to find log files?

I don't think commands are logged at all. As for who logs in, I'm not sure if that is logged or not. Check /var/log.

Offline

#3 2009-04-04 01:53:24

fumbles
Member
Registered: 2006-12-22
Posts: 246

Re: where to find log files?

$ lastlog
Alternatively, you can use finger.

Commands are stored in .bash_history, for bash obviously.

Offline

#4 2009-04-04 02:07:14

tjwoosta
Member
Registered: 2008-12-18
Posts: 453

Re: where to find log files?

lastlog

[tj@myhost ~]$ lastlog
Username         Port     From             Latest
root             vc/1                      Wed Dec 17 05:39:18 -0500 2008
bin                                        **Never logged in**
daemon                                     **Never logged in**
mail                                       **Never logged in**
ftp                                        **Never logged in**
http                                       **Never logged in**
nobody                                     **Never logged in**
dbus                                       **Never logged in**
tj               :0.0                      Fri Apr  3 21:44:30 -0400 2009
hal                                        **Never logged in**
policykit                                  **Never logged in**
avahi                                      **Never logged in**
gdm                                        **Never logged in**
mpd                                        **Never logged in**
awesome          :0.0                      Fri Apr  3 00:59:57 -0400 2009
ice              :0.0                      Fri Jan 30 22:02:42 -0500 2009
[tj@myhost ~]$

Are all of these different usernames?

The only users that should even be attempting to log in are tj, awesome, and ice (it is all me, except with different DEs).

So what is all of this?

bin                                        **Never logged in**
daemon                                     **Never logged in**
mail                                       **Never logged in**
ftp                                        **Never logged in**
http                                       **Never logged in**
nobody                                     **Never logged in**
dbus                                       **Never logged in**

Offline

#5 2009-04-04 02:11:22

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694

Re: where to find log files?

Those are daemons or processes running and recording their activity.

R.

Edit: to be a bit more clear, some processes have a user (like MySQL) and they show too. `nobody` is an actual user with no privileges (run 'id nobody' for more details).

Last edited by ralvez (2009-04-04 02:14:47)

Offline
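
Added example (not part of any post in this thread): a shell function that filters `lastlog` output like that in post #4 down to accounts that have a recorded login but are not on a list of expected users. The function names, the sample rows and the expected-user list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts with a recorded login in `lastlog`
# output that are not on an expected-user list.

# Constructed sample in the same column layout as the output in post #4.
sample_lastlog() {
cat <<'EOF'
Username         Port     From             Latest
root             vc/1                      Wed Dec 17 05:39:18 -0500 2008
bin                                        **Never logged in**
nobody                                     **Never logged in**
tj               :0.0                      Fri Apr  3 21:44:30 -0400 2009
awesome          :0.0                      Fri Apr  3 00:59:57 -0400 2009
ice              :0.0                      Fri Jan 30 22:02:42 -0500 2009
EOF
}

# unexpected_logins "user1 user2 ..."   (reads lastlog output on stdin)
# Prints "username port" for every account that has logged in at least
# once and is not named in the space-separated expected list.
unexpected_logins() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        NR == 1 { next }                     # header row
        NF == 0 { next }                     # blank line
        /\*\*Never logged in\*\*/ { next }   # no login record for this account
        !($1 in ok) { print $1, $2 }         # logged in, but not expected
    '
}

# Run against the constructed sample; prints: root vc/1
sample_lastlog | unexpected_logins "tj awesome ice"
```

On a live system the same function reads the real records with `lastlog | unexpected_logins "tj awesome ice"`. Service accounts such as `bin` or `nobody` only appear in the result if a login has actually been recorded for them.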

#6 2009-04-04 02:18:40

tjwoosta
Member
Registered: 2008-12-18
Posts: 453

Re: where to find log files?

[tj@myhost ~]$ id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)
[tj@myhost ~]$

OK, so now the question is: who is nobody, why is he a user, and how do I get rid of him?

Last edited by tjwoosta (2009-04-04 02:19:23)

Offline

#7 2009-04-04 02:28:25

djnm
Member
From: USA
Registered: 2008-12-21
Posts: 78

Re: where to find log files?

Don't get rid of him! It is a necessary user for the system.


br0tat0chip in #archlinux and on freenode

Offline

#8 2009-04-04 02:30:37

tjwoosta
Member
Registered: 2008-12-18
Posts: 453

Re: where to find log files?

djnm wrote:

Don't get rid of him! It is a necessary user for the system.

Oh.. OK.

So everything is normal then. Thanks for all of your help, everyone.

At least now I know where to check for these things.

Last edited by tjwoosta (2009-04-04 02:30:50)

Offline
