Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Trace connections
Top Forums UNIX for Advanced & Expert Users Trace connections Post 15970 by Witlr on Friday 22nd of February 2002 08:18:19 AM
Old 02-22-2002
Lightbulb Telneting in as ROOT is NO NO
From your posting you want to track users who are logging in as Root and what they are doing.

Easiest way is to block root from telneting in from remote connections. Force the users to login as themselves and then "su" over to root. You can then log all su attempts (successful and un-successful) and track the people backwards across the servers.

Basic Security rule is to only allow Root to login from the Console Terminal physically located at the server.
 

10 More Discussions You Might Find Interesting

1. IP Networking

trace route ip

hi everybody , i have a solaris 5.6 box and i want to trace the route on an ip i treid traceroute but soalris 5.6 does not support it ... is there a command that can be used equivelent to traceroute ? thanks for your help (2 Replies)
Discussion started by: ppass
2 Replies

2. Shell Programming and Scripting

Function Trace

Does anyone know if there is a util out there to run through a shell script and be able to trace the function call tree. I have inherited some code and the original author was ****mad**** keen on functions - even ones called only once! If anyone knows of anything I would appreciate it - web... (3 Replies)
Discussion started by: ajcannon
3 Replies

3. UNIX for Dummies Questions & Answers

Trace DHCP - Help!

Can someone help me with commands to trace DHCP on an HP_UX box? Thanks! (0 Replies)
Discussion started by: nuGuy
0 Replies

4. HP-UX

how to trace the logs

Hi, Last day, In one of our unix boxes there was an issue wherein few of the directory structures were missing / got deleted. Is there any way by which we can find how it happened, I mean by going through syslog / which user had run what command? Thanks for your help (3 Replies)
Discussion started by: vivek_damodaran
3 Replies

5. HP-UX

How to trace a user

on HP-Unix how can i trace user for example "xxx999" ? (4 Replies)
Discussion started by: salhoub
4 Replies

6. Shell Programming and Scripting

how to supress the trace

Hi I am working in ksh and getting the trace after trying to remove the file which in some cases does not exist: $ my_script loadfirm.dta.master: No such file or directory The code inside the script which produces this trace is the following: ] || rm ${FILE}.master >> /dev/null for... (3 Replies)
Discussion started by: aoussenko
3 Replies

7. Solaris

Log Trace

Hi I would like to display only error messages from my log files while monotring application on my solaris box using tail command. Is there other way we can monitor please let me know? In general # tail -f "xyz.log' ---> this will display current activity of the logs, instead i would like... (4 Replies)
Discussion started by: gkrishnag
4 Replies

8. UNIX for Dummies Questions & Answers

Help with trace file

Hi, I am an oracle DBA pretty new to unix. We had one of the filesystems full and a colleague cleared some stuffs to create more space. I just checked now and found there is now more space available. How do i find exactly what he cleared? We have oracle database installed and its a RAC... (4 Replies)
Discussion started by: dollypee
4 Replies

9. Shell Programming and Scripting

Stack Trace

Hi All Thought it would be kind of fun to implement a stack trace for a shell script that calls functions within a sub shell. This is for bash under Linux and probably not portable - #! /bin/bash error_exit() { echo "=======================" echo $1 echo... (4 Replies)
Discussion started by: steadyonabix
4 Replies

10. AIX

Trace su to root

Hi, is it possible to trace everything about user that changes from its own user to root user, failed and successful attempts (I would need user and IP address of user that was trying to do that)? I tried adding auth.notice and auth.info in syslog.conf but it only tracks user withoud IP... (6 Replies)
Discussion started by: sprehodec
6 Replies

LEARN ABOUT REDHAT

faillog

FAILLOG(8)						      System Manager's Manual							FAILLOG(8)

NAME

       faillog - examine faillog and set login failure limits

SYNOPSIS

       faillog [-u login-name] [-a] [-t days]
	       [-m max] [-pr]

DESCRIPTION

       faillog	formats the contents of the failure log, /var/log/faillog, and maintains failure counts and limits.  The order of the arguments to
       faillog is significant.	Each argument is processed immediately in the order given.

       The -p flag causes failure entries to be printed in UID order.  Entering -u login-name flag will cause the failure  record  for	login-name
       only  to  be printed.  Entering -t days will cause only the failures more recent than days to be printed.  The -t flag overrides the use of
       -u.  The -a flag causes all users to be selected.  When used with the -p flag, this option selects all users who  have  ever  had  a  login
       failure.  It is meaningless with the -r flag.

       The  -r	flag  is  used	to  reset the count of login failures.	Write access to /var/log/faillog is required for this option.  Entering -u
       login-name will cause only the failure count for login-name to be reset.

       The -m flag is used to set the maximum number of login failures before the account  is  disabled.   Write  access  to  /var/log/faillog	is
       required for this option.  Entering -m max will cause all accounts to be disabled after max failed logins occur.  This may be modified with
       -u login-name to limit this function to login-name only.  Selecting a max value of 0 has the effect of not placing a limit on the number of
       failed logins.  The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.

       Options may be combined in virtually any fashion.  Each -p, -r, and -m option will cause immediate execution using any -u or -t modifier.

CAVEATS

       faillog	only  prints  out users with no successful login since the last failure.  To print out a user who has had a successful login since
       their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.

       Some systems may replace /var/log with /var/adm or /usr/adm.

FILES

       /var/log/faillog - failure logging file

SEE ALSO

       login(1), faillog(5)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	FAILLOG(8)
All times are GMT -4. The time now is 12:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy