Friday, February 20, 2009

What all gets written when logging in via ssh

The question is: what gets written where during an ssh login on Fedora 10 (it will probably be the same for RH in general).

To find out we use aide, set up to watch the whole fs except /dev and /proc.
  1. run aide -C (creates the reference file for us)
  2. log in and type a few commands
  3. aide -i > aide.diff

The files written to are these:
  1. /var/log/btmp
  2. /var/log/wtmp (utmp)
  3. /var/log/lastlog
  4. /var/log/secure
  5. /var/log/.bash_history
ad 1.
records failed logins; a binary file. Use lastb to view it.

ad 2.
records all logins; a binary file. Use last to view it.

Both record the time and the IP address.

ad 3.
a text file holding the last login of every user. Use lastlog to view it.

ad 4.
a text file with everything security-related (a failed login attempt is recorded here).

ad 5.
a text file with the command history.
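The btmp and wtmp files from items 1 and 2 are fixed-size binary records that last and lastb decode. The following added example (not code from this post) parses that record format in Python and pairs logins with logouts per tty the way last does; it assumes the glibc struct utmp layout (384-byte records, IPv4 peer stored in ut_addr_v6[0]) and uses a constructed sample instead of a real /var/log/wtmp.

```python
import socket
import struct
from datetime import datetime, timezone

# glibc struct utmp (384 bytes), fields in utmp(5) order: ut_type, ut_pid, ut_line,
# ut_id, ut_user, ut_host, e_termination, e_exit, ut_session, tv_sec, tv_usec,
# ut_addr_v6 as 16 raw bytes, 20 unused bytes.
UTMP_FMT = "<h2xi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS, DEAD_PROCESS = 7, 8      # ut_type values from <utmp.h>

def _cstr(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data: bytes) -> list:
    """Decode each fixed-size record of a wtmp/btmp/utmp blob into a dict."""
    out = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (typ, pid, line, _id, user, host, _t, _e, _s, sec, _us,
         addr) = struct.unpack_from(UTMP_FMT, data, off)
        # an IPv4 peer occupies only ut_addr_v6[0]; IPv6 fills all four words
        ip = socket.inet_ntoa(addr[:4]) if addr[:4] != b"\0" * 4 and addr[4:] == b"\0" * 12 else ""
        out.append({"type": typ, "pid": pid, "line": _cstr(line), "ip": ip,
                    "user": _cstr(user), "host": _cstr(host),
                    "time": datetime.fromtimestamp(sec, timezone.utc)})
    return out

def sessions(records: list) -> list:
    """Pair logins with logouts per tty like last(1): (user, line, host, login, logout|None, seconds|None)."""
    open_by_line, result = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            lo = open_by_line.pop(r["line"])
            result.append((lo["user"], lo["line"], lo["host"] or lo["ip"], lo["time"],
                           r["time"], int((r["time"] - lo["time"]).total_seconds())))
    for lo in open_by_line.values():  # no logout record yet: still logged in
        result.append((lo["user"], lo["line"], lo["host"] or lo["ip"], lo["time"], None, None))
    return result

def pack_record(typ, pid, line, user, host, ip, sec) -> bytes:
    """Inverse of parse_utmp; used here only to build the constructed sample."""
    addr = socket.inet_aton(ip).ljust(16, b"\0") if ip else b"\0" * 16
    return struct.pack(UTMP_FMT, typ, pid, line.encode(), line[-4:].encode(),
                       user.encode(), host.encode(), 0, 0, 0, sec, 0, addr)

# Constructed sample wtmp: one ssh login from 192.0.2.10 on pts/0 lasting 90 s.
SAMPLE_WTMP = (pack_record(USER_PROCESS, 4242, "pts/0", "alice", "192.0.2.10", "192.0.2.10", 1235000000)
               + pack_record(DEAD_PROCESS, 4242, "pts/0", "", "", "", 1235000090))
```

Feeding parse_utmp the bytes of /var/log/btmp lists the failed attempts the same way, which is useful when last and lastb are unavailable on the analysis host.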

who
Shows a listing of currently logged-in users.
w
Shows who is logged on and what they are doing.
last
Shows a list of last logged-in users, including login time, logout time, login IP address, etc.
lastb
Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
lastlog
This command reports data maintained in /var/log/lastlog, which is a record of the last time a user logged in.
ac
Prints out the connect time in hours on a per-user basis or daily basis etc. This command reads /var/log/wtmp.
dump-utmp
Converts raw data from /var/run/utmp or /var/log/wtmp into ASCII-parsable format.
