which logs can i check to find out who's been logging in, and what commands have been run?
and anything else i might need to know about intrusion detection?
Offline
I don't think commands are logged at all. As for who logs in, I'm not sure if that is logged or not. Check /var/log.
Offline
$ lastlog
alternatively you can use finger
Commands are stored in .bash_history, for bash obviously.
Offline
lastlog
[tj@myhost ~]$ lastlog
Username         Port     From             Latest
root             vc/1                      Wed Dec 17 05:39:18 -0500 2008
bin                                        **Never logged in**
daemon                                     **Never logged in**
mail                                       **Never logged in**
ftp                                        **Never logged in**
http                                       **Never logged in**
nobody                                     **Never logged in**
dbus                                       **Never logged in**
tj               :0.0                      Fri Apr 3 21:44:30 -0400 2009
hal                                        **Never logged in**
policykit                                  **Never logged in**
avahi                                      **Never logged in**
gdm                                        **Never logged in**
mpd                                        **Never logged in**
awesome          :0.0                      Fri Apr 3 00:59:57 -0400 2009
ice              :0.0                      Fri Jan 30 22:02:42 -0500 2009
[tj@myhost ~]$
are all of these different usernames?
the only users that should even be attempting to log in are tj, awesome, and ice (it is all me, except with different DEs)
so what is all of this?
bin **Never logged in**
daemon **Never logged in**
mail **Never logged in**
ftp **Never logged in**
http **Never logged in**
nobody **Never logged in**
dbus **Never logged in**
Offline
those are daemons or processes running and recording their activity.
R.
edit: to be a bit more clear. Some processes have a user (like MySQL) and they show too. `nobody` is an actual user with no privileges (run 'id nobody' for more details)
Last edited by ralvez (2009-04-04 02:14:47)
Offline
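Added example, not part of any post in this thread: a shell function that cross-checks `lastlog` output against the login shells in a passwd file, so a service account such as `http` or `nobody` that suddenly shows a login stands out. The passwd entries, the `http` login line, and the rule that a shell ending in `nologin` or `false` marks a service account are assumptions made for the example.

```shell
#!/bin/sh
# Constructed passwd entries (UIDs and shells are assumptions, not from the thread).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
http:x:33:33:http:/srv/http:/bin/false
nobody:x:99:99:nobody:/:/bin/false
tj:x:1000:100::/home/tj:/bin/bash'

# lastlog lines in the layout shown in the thread; the http login is constructed.
SAMPLE_LASTLOG='Username Port From Latest
root vc/1 Wed Dec 17 05:39:18 -0500 2008
bin **Never logged in**
http pts/0 198.51.100.7 Sat Apr 4 01:02:03 -0400 2009
nobody **Never logged in**
tj :0.0 Fri Apr 3 21:44:30 -0400 2009'

# classify_logins PASSWD_TEXT LASTLOG_TEXT
# Prints "<status> <user>" for every account with a recorded login:
#   ALERT = non-login shell (service account) or account missing from passwd
#   OK    = account has a login shell
classify_logins() {
    { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } | awk '
        $0 == "--"   { in_lastlog = 1; next }      # separator between the inputs
        !in_lastlog  { split($0, f, ":"); shell[f[1]] = f[7]; next }
        NF == 0 || $1 == "Username"  { next }      # blank line or header row
        /\*\*Never logged in\*\*/    { next }      # no login recorded
        {
            s = ($1 in shell) ? shell[$1] : "missing"
            if (s == "missing" || s ~ /(nologin|false)$/)
                print "ALERT", $1
            else
                print "OK", $1
        }'
}

# On a live system: classify_logins "$(cat /etc/passwd)" "$(lastlog)"
classify_logins "$SAMPLE_PASSWD" "$SAMPLE_LASTLOG"
```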
[tj@myhost ~]$ id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)
[tj@myhost ~]$
ok so now the question is, who is nobody, why is he a user, and how do i get rid of him?
Last edited by tjwoosta (2009-04-04 02:19:23)
Offline
Don't get rid of him! It is a necessary user for the system.
br0tat0chip in #archlinux and on freenode
Offline
Don't get rid of him! It is a necessary user for the system.
oh.. ok
so everything is normal then, thanks for all of your help everyone
at least now i know where to check for these things
Last edited by tjwoosta (2009-04-04 02:30:50)
Offline