12-15-2009
how to trace kbd entries after "su -"
Hello all.
In my organization, users access the Host using Putty.
And the root login is disabled, so users enter as low-privilege users.
Sometimes, they need to enter "root" account,
and we want to monitor what they do after this point.
I have been told that a keyboard trace can be activated
when this remote user uses "SU -" to continue as ROOT.
Can you tell me how is it done ?
Thanks a lot. Sebastian.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Friends,
Can any of you explain me about the below line of code?
mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`
Im not able to understand, what exactly it is doing :confused:
Any help would be useful for me.
Lokesha (4 Replies)
Discussion started by: Lokesha
4 Replies
2. Shell Programming and Scripting
hi All,
cat file_name | awk /^~/'{print $1","$2","$3","$4}' | sed -e 's/~//g'
Can this be done by using sed or awk alone (4 Replies)
Discussion started by: harshakusam
4 Replies
3. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
4. UNIX for Advanced & Expert Users
Hi guys,
i'm running a program on samsumg 6410 arm cpu board. it caused an "free(): invalid next size (normal)" fail.
i try to use gdb for remote debugging:
1, start gdb server on board:
gdbserver 192.168.1.20:1234 ./HostAP
Process ./HostAP created; pid = 499
Listening on port... (8 Replies)
Discussion started by: ss1969
8 Replies
5. Shell Programming and Scripting
logs:
"/home/abc/public_html/index.php"
"/home/abc/public_html/index.php"
"/home/xyz/public_html/index.php"
"/home/xyz/public_html/index.php"
"/home/xyz/public_html/index.php"
how to use "cut" or "awk" or "sed" to get the following result:
abc
abc
xyz
xyz
xyz (8 Replies)
Discussion started by: timmywong
8 Replies
6. Solaris
The system don't boot.
on the screen appears following:
press enter to maintenance (or type CTRL-D to continue)...I checked with format command.
... the slices "0-root","1-swap","2-backup" exist.
...the slises "3-var","6-usr" -unassigned. :( (16 Replies)
Discussion started by: wolfgang
16 Replies
7. UNIX for Dummies Questions & Answers
How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address
and column 3 contains “cc” e-mail address to include with same email.
Sample input file, email.txt
Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
8. Shell Programming and Scripting
Hello.
System : opensuse leap 42.3
I have a bash script that build a text file.
I would like the last command doing :
print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt
where :
print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies
9. AIX
Hi 2 all,
i have had AIX 7.2
:/# /usr/IBMAHS/bin/apachectl -v
Server version: Apache/2.4.12 (Unix)
Server built: May 25 2015 04:58:27
:/#:/# /usr/IBMAHS/bin/apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_worker_module (static)
... (3 Replies)
Discussion started by: penchev
3 Replies
LEARN ABOUT REDHAT
faillog
FAILLOG(8) System Manager's Manual FAILLOG(8)
NAME
faillog - examine faillog and set login failure limits
SYNOPSIS
faillog [-u login-name] [-a] [-t days]
[-m max] [-pr]
DESCRIPTION
faillog formats the contents of the failure log, /var/log/faillog, and maintains failure counts and limits. The order of the arguments to
faillog is significant. Each argument is processed immediately in the order given.
The -p flag causes failure entries to be printed in UID order. Entering -u login-name flag will cause the failure record for login-name
only to be printed. Entering -t days will cause only the failures more recent than days to be printed. The -t flag overrides the use of
-u. The -a flag causes all users to be selected. When used with the -p flag, this option selects all users who have ever had a login
failure. It is meaningless with the -r flag.
The -r flag is used to reset the count of login failures. Write access to /var/log/faillog is required for this option. Entering -u
login-name will cause only the failure count for login-name to be reset.
The -m flag is used to set the maximum number of login failures before the account is disabled. Write access to /var/log/faillog is
required for this option. Entering -m max will cause all accounts to be disabled after max failed logins occur. This may be modified with
-u login-name to limit this function to login-name only. Selecting a max value of 0 has the effect of not placing a limit on the number of
failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.
Options may be combined in virtually any fashion. Each -p, -r, and -m option will cause immediate execution using any -u or -t modifier.
CAVEATS
faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since
their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.
Some systems may replace /var/log with /var/adm or /usr/adm.
FILES
/var/log/faillog - failure logging file
SEE ALSO
login(1), faillog(5)
AUTHOR
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
FAILLOG(8)