Fedora Security :: Lastlog Error - Says Never Logged In
Mar 11, 2010
I just installed F12 (live cd version with gnome), fully updated & rebooted but my lastlog says that I never logged in... (I know the DVD Install would probably be better but I'm trying to save space)
From Solaris I know a command "lastlog" which shows the times when each existing user logged in the last time.
When I enter the same command in Ubuntu then it is executed (=it must exist) but for all users "** Never logged in **" is displayed although of course at least the current user must be logged in some time. Do I have to enable this kind of logging somehow?
I am using Fedora 10. Generally to update I open a virtual console by pressing Ctrl-Alt-F2, log in as root and give the "yum update" command. Then I continue using my graphical terminal for other tasks from the 'non-root' account. Now my room-mate comes, uses my 'non-root' account to browse web for few minutes and then opens a terminal, types "halt", ENTER and voilà...! My root account seems to be insulted by a 'non-root' user! When I am doing updates or other important work as root any silly user can just 'halt' my computer. Can somebody tell me how to set up my computer so that when root is logged in no other user can simply halt the computer?
I am pretty new to Linux, but this can't be the way the system is supposed to operate.
Fedora 12 KDE 4.4 kernel 2.6.32.9-70.fc12.i686 Toshiba satellite L305D
As of updating KDE to 4.4 and a kernel update from two weekends ago hibernate/resume works perfectly. The problem is I feel that all terminals should be locked/logged out automatically upon suspend/hibernate. Through bug reporting at KDE I found that an additional setting is required in KDE to lock the desktop before suspend/hibernate. But any of my other terminals that are logged in remain logged in upon resume. Is there an additional setting that I have to flip to secure the terminals? Would this be considered a security hole? Is there anything short of me manually logging out that I can do to automate locking/logging my terminals?
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
I have 2 servers, web server & mail server. They show 2 users in the summary area when I run w or top commands. But the actual list of users logged in (using either w or who) shows only 1 user. ps -ef |grep username only shows my current login as a running sshd process.
So I can find no trace of this other user except in the summary line for w or top. I have no shells or other logins left running elsewhere or abruptly terminated, no gui sessions (these are servers), no tty logins. Do I have another user logged in? Has someone hacked me & covered up most of their trail? Why do these commands show 2 users when everything else points to 1 user?
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
Just noticed this, when I am logged into OpenSuse 11.3 under my default user (autologin) I have 3 of the same user logged in, e.g. when I run top it shows 3 users and when I run the users command it shows the same user 3 times. Is there any reason for this? Do I need to investigate this at all?
I have set up auto ssh login for my server. And it works, but only when I have an active connection. If I use "ssh server.com" it asks for my password. If I then open a new terminal and issue "ssh server.com" it logs right in. I really don't understand what's wrong.
I have tried setting up 2 virtual machines on my local computer and with the same setup it works fine.
SOLVED: my home folder was encrypted, so when no users were logged in the home folder was unmounted
I would just like to know how to, and know if it's secure to run the following programs WHILE LOGGED OUT of Ubuntu: openvpn, deluge, and if it can be securely done while the home directory is encrypted.
We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them. Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today. What logic should we apply to do so? We were checking stat of .bashrc of each user but that is not correct logic. We are going to write shell script for the same. We don't want to do anything in users' home area or their files.
I installed IPlist earlier today on my main/admin account (which I only use for installing programs. I don't use this account daily.) and everything was fine. When I logged into my every day account and tried to load the program, it prompted me for my password. When I entered it, I got this message: Quote: Failed to run /usr/sbin/ipblock start_gui as user root. The underlying authorization mechanism (sudo)t allow you to run this program. Contact the system administrator. Does this mean I am not able to use this program on this account, or is there a way around it? I'm new to Ubuntu so forgive me if I'm asking the obvious. I looked around and couldn't find an answer. I really don't want to use my admin account for daily activities, but I also really want to be able to use IPlist.
Failed login attempts are logged to syslog with the user id or login id set to UNKNOWN_USER or UNSET. Anybody know if this is configurable? I would rather it just pass the actual id that the user used. Doesn't matter if it exists or not, just want to know if someone is guessing at user names and what those user names are.
On my server I sometimes log in from my home, where I have an internet connection which does not have a static IP; each time I switch on my modem a dynamic IP is generated. I see in auth.log logs of following lines. Quote:
reverse mapping checking getaddrinfo for kkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT
Accepted publickey for root from 192.168.1.2 port 22852 ssh2
whenever I log in to my server from home. In this case I do know that it was me who logged in but still why do I see such a log? What is this complaining about?
I have wordpress server running on my machine and I have SELinux enabled for enforcing/targeted. I am unable to insert images, music, etc from the add new post field on the wordpress dashboard. I receive the following error:
image.jpg has failed to upload due to an error The uploaded file could not be moved to /var/www/html/wordpress/wp-content/uploads/2010/10. When I disable SELinux completely, it works fine. Does anyone know what Boolean I need to check to resolve this issue?
I was running 10.04 LTS and had decided to stick to the LTS versions as I'm now running my machine as a server and don't want to be updating regularly. Every time I logged in via SSH I got a message telling me there were packages to update including a security update. So I did a search to find out how to perform an update on Ubuntu server from the command line. What I found was to do this:
sudo apt-get update
sudo apt-get dist-upgrade
After doing that I rebooted but now my machine gives me this message:
init: ureadahead-other main process (794) terminated with status 4
Your disk drives are being checked for errors, this may take some time
Press C to cancel all checks currently in progress
I'm not pressing C yet and leaving it alone to finish, but I noticed when the machine booted that one of the options for booting talked about Ubuntu 10.10, so I'm worried that I've updated from 10.04 LTS to 10.10 by accident?
Logging in a server through putty in the same network, when I executed last command it's showing system ip, logged in time and logged out time. The output as follows. This is my system:
root pts1 xx.xx.xx day month date time in time out time
and similarly I am getting other than this like:
root :0 day month date time still logged in
This is from more than 3 days it's logged in.
I'm making an effort to use Fedora as my primary desktop (previously Win Vista), but have a problem that I can't find an answer for. At seemingly random times, I will just be logged off and kicked out to the login screen for no reason. The computer's not shutting down or rebooting, but only logging out. It happens while I'm working, so it's very annoying. I have screensavers turned off, and have no actions set in power management (I am on a laptop). I have some experience with Linux systems, but not so much with using it as a desktop system. I'm running the following:
HP Pavilion dv3000 with Core 2 Duo P7350 @ 2GHz and 4GB RAM
64-bit Fedora 12, kernel 2.6.31.12-174.2.3, Gnome 2.28.2
Nvidia driver with external monitor (TwinView)
also using Compiz and Emerald theme manager
Does anyone have any clue as to what could be causing this, or even how to look for a cause?
I'm running my Fedora 11 in Run Level 3. When the login is displayed (Non GUI)... is there a way to have the program TOP displayed either above or below the login? I wanted to be able to monitor the machine's resources without actually being logged in.
I'm experiencing a strange behavior with wakeup after suspend/hibernate: the first time the system wakes up, it works ok. Then it can suspend ok, but on each wake up I get the login window (my session has been forced logged out). I have to reboot to get one good wake up. It's 100% reproducible on both suspend-to-disk and suspend-to-ram.
/var/log/pm-suspend.log doesn't give much info:
Mon Jul 12 16:20:24 CEST 2010: performing suspend
Mon Jul 12 17:45:16 CEST 2010: Awake.
This is weird, today I updated my system and while trying to visudo from single user mode got
"cannot read /etc/shadow: Permission denied"
which kept me from doing anything until I switched to file permissions of 400 on shadow, then back. Is this being experienced by anyone else or just me? /etc/security/limits.conf doesn't seem like it wants to change in enforcing mode either and I can't find any alerts to provide clues on the situation.
I've been trying to make sense out of this error report. I get it every once in a while on startup of my machine.
Code: Summary: SELinux is preventing /usr/sbin/ntpd access to a leaked netlink_route_socket file descriptor.
Detailed Description: [ntpd has a permissive type (ntpd_t). This access was not denied.] SELinux denied access requested by the ntpd command. It looks like this is either a leaked descriptor or ntpd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the netlink_route_socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access: You can generate a local policy module to allow this access - see FAQ [URL]
Additional Information:
Source Context                system_u:system_r:ntpd_t:s0
Target Context                system_u:system_r:firstboot_t:s0
Target Objects                netlink_route_socket [ netlink_route_socket ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           ntp-4.2.6p2-7.fc14
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-3.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Fri 21 Jan 2011 02:01:09 AM PST
Last Seen                     Fri 21 Jan 2011 02:01:09 AM PST
Local ID                      fb73799a-8d3c-4d9a-8c06-a0c1b6d4814e
Line Numbers
Whenever I ssh into a remote machine I am getting the following messages:
Write Failed: Broken Pipe (after logged into that machine)
Read Socket Failed: Connection reset by peer (while trying to log in)
Also the known_hosts file is changed frequently.
All has been fine with my emails but today morning when I tried to log on I got an error message "You must be logged in to access this page, go to logon page". I don't understand why, even when I supply my correct user name and password.