1 |
Vagner Rodrigues <vagner@×××××××××××.org> writes: |
2 |
|
3 |
> Hi Folks ! |
4 |
> |
5 |
> |
6 |
> Somebody know how I to so send mail with IP and Date/time when same |
7 |
> user login on shell ( remote or local ) ? |
8 |
> |
9 |
> I work with another admin's and I never told me when they access and |
10 |
> for what my server to do something, I try log but this can be erased |
11 |
> and maybe mail can help me about access and with this I can Ask about |
12 |
> this access. |
13 |
|
14 |
Do you really think the other admins would be erasing logs? |
15 |
|
16 |
one way to get some input would be to run your own script that calls |
17 |
`w' who `who' every half hour and writes it to a file with `>>' redirect. |
18 |
|
19 |
Then once a day the script could mail you the resulting file. |
20 |
|
21 |
If the other admins are logging in as root... you would see where they |
22 |
were logging in from... and possibly identify them that way... also |
23 |
`w' may give a little hint as to what they are doing. |
24 |
|
25 |
Some scanning of the output file would reveal quite a lot of info over |
26 |
time. |
27 |
|
28 |
look at `man w' or `man who' for what you would be getting |
29 |
|
30 |
The output might look something like this...showing who is logged in |
31 |
and from where: |
32 |
|
33 |
w |
34 |
[...] |
35 |
USER TTY FROM LOGIN@ IDLE WHAT |
36 |
jhc p1 pool-173-70-160- 2:36AM 0 /bin/ksh |
37 |
cytroic p3 fw1.appliedcard. 02Jul09 7days screen -x |
38 |
st p4 mais2.cat.utexas Wed07PM 20:26 -bash |
39 |
rob pa 216-239-45-4.goo Sun11PM 27 screen -rd |
40 |
dwa ph 68-116-196-242.d 8:10PM 1:00 -bash |
41 |
reader pk c-98-215-178-110 9:57PM 0 w |
42 |
mage pq c-65-34-215-99.h Fri10PM 5days screen -r |
43 |
|
44 |
|
45 |
Or use `who' to get a full print of the remote hosts users are logging |
46 |
in from: |
47 |
|
48 |
who |
49 |
jhc ttyp1 Jul 30 02:36 (pool-173-70-160-108.nwrknj.fios.) |
50 |
cytroic ttyp3 Jul 2 13:59 (fw1.appliedcard.com) |
51 |
st ttyp4 Jul 29 19:05 (mais2.cat.utexas.edu) |
52 |
rob ttypa Jul 26 23:50 (216-239-45-4.google.com) |
53 |
dwa ttyph Jul 30 20:10 (68-116-196-242.dhcp.oxfr.ma.char) |
54 |
reader ttypk Jul 30 21:57 (c-98-215-178-110.hsd1.in.comcast) |
55 |
mage ttypq Jul 24 22:49 (c-65-34-215-99.hsd1.fl.comcast.n) |