Ubuntu Security :: Log Files - 2 Users Logged In?
Apr 12, 2011
I read the log
Code:
I found this print out:
Code:
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
View 3 Replies
ADVERTISEMENT
Mar 17, 2011
I have 2 servers, web server & mail server. they show 2 users in the summary area when I run w or top commands. But the actual list of users logged in (using either w or who) shows only 1 user.
ps -ef |grep username only shows my current login as a running sshd process.
So I can find no trace of this other user except in the summary line for w or top. I have no shells or other logins left running elsewhere or abruptly terminated, no gui sessions (these are servers), no tty logins. Do I have another user logged in? Has someone hacked me & covered up most of their trail? Why do these commands show 2 users when everything else points to 1 user?
View 9 Replies
View Related
Oct 25, 2010
Just noticed this, when I am logged into OpenSuse 11.3 under my default user (autologin) I have 3 of the same user logged in, eg when I run top it shows 3 users and when I run the users command it shows the same user 3 times. Is there any reason for this? Do I need to investigate this at all?
View 1 Replies
View Related
Apr 21, 2011
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
View 2 Replies
View Related
Mar 26, 2011
I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
View 7 Replies
View Related
Jan 8, 2011
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies
View Related
Jan 22, 2010
Is there any gnome tool out there that will allow admins to talk with logged in users? Without it being amsn, skype, or gtalk... I'm looking for something like the 'talk' command but GUI based.
View 1 Replies
View Related
Feb 16, 2010
Whenever I want to shut down, I have to enter my password, because shutting down while other users are logged in is a privileged operation. Now, I couldn't download an update because the update lock was in use. I'd be surprised if someone had targeted my system, especially because I didn't install any obscure .debs or anything recently, but I'd really like to find out if it's been compromised somehow. Say, by obtaining an overview of all users currently logged into my system or something. Is that possible?
View 2 Replies
View Related
Sep 30, 2010
Just wondering is there a command that would show me the details of whose currently logged on and how their logged on i.e. ssh/samba etc?
View 5 Replies
View Related
Apr 6, 2010
I installed a few media servers to stream something to my PS3 over the weekend, but now when trying to shutdown the computer, I'm asked to authenticate with a password since other users are still logged in. I installed quite a few programs over the weekend trying to get it to work, so I can't remove a specific one. Is there a way to see which daemons are logged in under a different session? Found it. It turned out to be mythtv.
View 3 Replies
View Related
Sep 11, 2010
how the file is generated or what it contains is not important at this point.The important question is how to prevent the file from being downloaded and its contents from being displayed in the browser window?Since it is not recognized by the web browser so it is downloaded on the system. That way, what the script does is exposed to the outside world.Okay, I usually keep such scripts in../cgi-bin/. But for files (text files, in the example) which are being uploaded by a user should not be downloaded by another user.
View 10 Replies
View Related
Aug 9, 2011
I run a linux file server for my office and we user SFTP for remote partners to login and download files. Is there a way to see if there are any active connections or logins so I can know when it is safe to perform maintenance on the machine?
Since the machine is almost constantly serving large files, scheduled maintenance is often bumped off due to someone either upload
View 2 Replies
View Related
Nov 1, 2010
I try to write a script which would kill processes of users who are not logged in. My approach is to find out what users are logged in and then kill processes of all nonsystem users who fail the test of being logged. I use `w` for finding all logged in users, but apparently there are users on the list which `w` gives me who own absolutely no process in the output of `ps aux`. How do I log off those users, since killing their processes wont work (since they own no processes)?
View 4 Replies
View Related
Oct 16, 2010
On Ubuntu 10.04 when there are more than just one user logged in, if one of users logs off system hangs with a black screen.
After I reboot the machine and log in again, just after GDM login screen I get a window with a message about PowerMeter crash, with suggestion to 'cancel' and 'log off'. Only 'Log off' works, i.e. I'm successfully logged in.
Last entries from system.log before system freeze are:
Code:
View 9 Replies
View Related
Dec 30, 2010
If there is a simple way to prevent accidental shutdown when the following situation occurs:
Sometimes, I log in on my father's computer to run some administrations' tasks (updates...). For that, I use SSH since I'm frequently far from my parents and what I want is to prevent a shutdown run by my father. Of course, he should be able to turn off by himself if nobody else is connected.
Molly-Guard allows to prevent distant shutdown, my request is a kind of complementary software.
Does anyone know a project which could fit with this request? Do you have simple ideas to write a short code I know bash, perl, python...
View 3 Replies
View Related
Aug 27, 2010
I can't seem to get last logged in dat/time for vsftpd users. They are linux users maintained within passwd groups ect ... i think this is because ftp doesn't actually give them a real session. That being true, how do i get the last logged in time for my ftp users?
View 1 Replies
View Related
Feb 21, 2011
I want to count the number of users who have logged in multiple terminals ? How will I get this ? I always get the total number of users. How will I get the uniq number of users with multiple logins ?
View 3 Replies
View Related
Jun 7, 2010
I need to figure out a bash command to list all users logged in at or after 5pm - 5pm being the specifier in the command.
Code:
Command seems to be the easiest way to display users but it specifies all users log times.
I've also fiddled with the lastlog command to no avail.
View 2 Replies
View Related
Jul 17, 2010
It is possible to check who logged in with "who" command. If we are also logged in to that linux pc.
But, is there any possibility to check without our login?(not even by ssh)
Our logging in to find that pc, will be wasting the cpu resources. And may disturb the user who is working on the x-session.
View 7 Replies
View Related
Apr 27, 2010
Which commands do you use to output the current users logged into the system and accessing a specific file?
View 5 Replies
View Related
Nov 12, 2010
Have recently setup Samba on a fresh install of Fedora 14 so that I can use it as a workstation in a Windows 2003 (win2k3) domain.
The install of Samba seems to have worked as I can connect to the Domain using ADS and kerberos. selinux and firewall have been disabled until I have it working 100%
The problem lies when i try to login to Gnome or TTY. It begins to create the home directory for the domain user logging in but after a certain process Fedora logs the user out of the system.
Have looked through several log files (/var/log/messages, log.winbindd, log.winbindd-dc-connect) but am unable to debug it any further.
Have posted the config files below which shows the Fedora machine is successfully connected to the domain as it lists its groups, users and validates logon credentials - it just won't logon!
Where i can go about debugging. Also if you need additional configs.
View 1 Replies
View Related
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
Jun 1, 2011
i have setup auto ssh login for my server. And it works, but only when i have a active connection. if i use "ssh server.com" it asks for my password. If i then open a new terminal and issue "ssh server.com" it logs right in. I really don*t understand whats wrong.
I have tried setting up 2 virtual machines on my local computer and with the same setup it works fine.
SOLVED: my home folder was encrypted, so when no users were logged in the home folder was unmounted
View 2 Replies
View Related
Aug 28, 2010
I would just like to know how to, and know if its secure to run the following programs WHILE LOGGED OUT of Ubuntu: openvpn, deluge, and if it can be securely done while the home directory is encrypted.
View 6 Replies
View Related
Oct 2, 2009
I am using Fedora 10 .Generally to update I open a virtual console by pressing Ctrl-Alt-F2,login as root and give the "yum update" command.Then I continue using my graphical terminal for other tasks from the 'non-root' account..Now my room-mate comes uses my 'non-root' account to browse web for few minutes and then opens a terminal types "halt", ENTER and viola...! My root account seems to be insulted by a 'non-root' user!.When I am doing updates or other important work as root any silly user can just 'halt' my computer. Can somebody tell me how to set up my computer so that when root is logged in no other user can simply halt the computer.
View 3 Replies
View Related
Mar 11, 2010
I just installed F12 (live cd version with gnome), fully updated & rebooted but my lastlog says that I never logged in...(I know the DVD Install would probably be better but I'm trying to save space)
View 2 Replies
View Related
Jul 8, 2010
I installed IPlist earlier today on my main/admin account (which I only use for installing programs. I don't use this account daily.) and everything was fine. When I logged into my every day account and tried to load the program, it prompted me for my password. When I entered it, I got this message:Quote:Failed to run /usr/sbin/ipblock start_gui as user root.The underlying authorization mechanism (sudo)t allow you to run this program. Contact the system administrator.Does this mean I am not able to use this program on this account, or is there a way around it? I'm new to Ubuntu so forgive me if I'm asking the obvious. I looked around and couldn't find an answer. I really don't want to use my admin account for daily activities, but I also really want to be able to use IPlist
View 2 Replies
View Related
Mar 12, 2010
I am pretty new to Linux, but this can't be the way the system is supposed to operate.
Fedora 12
KDE 4.4
kernel 2.6.32.9-70.fc12.i686
Toshiba satellite L305D
As of updating KDE to 4.4 and a kernel update from two weekends ago hibernate/resume works perfectly. The problem is I feel that all terminals should be locked/logged out automatically upon suspend/hibernate. Through bug reporting at KDE found that an additional setting is required in KDE to lock the desktop before suspend/hibernate. But any of my other terminals that are logged in remain logged in upon resume. Is there an additional setting that I have to flip to secure the terminals? Would this be considered a security hole? Is there anything short of me manually logging out that I can do to automate locking/logging my terminals?
View 1 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Mar 1, 2011
We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them. Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today.What logic should we apply to do so? We were checking stat of .bashrc of each user but is not correct logic. We are going to write shell script for the same. We dont want to do anything in users home area or their files.
View 11 Replies
View Related