| 1 |
Vagner Rodrigues <vagner@×××××××××××.org> writes: |
| 2 |
|
| 3 |
> Hi Folks ! |
| 4 |
> |
| 5 |
> |
| 6 |
> Somebody know how I to so send mail with IP and Date/time when same |
| 7 |
> user login on shell ( remote or local ) ? |
| 8 |
> |
| 9 |
> I work with another admin's and I never told me when they access and |
| 10 |
> for what my server to do something, I try log but this can be erased |
| 11 |
> and maybe mail can help me about access and with this I can Ask about |
| 12 |
> this access. |
| 13 |
|
| 14 |
Do you really think the other admins would be erasing logs? |
| 15 |
|
| 16 |
one way to get some input would be to run your own script that calls |
| 17 |
`w' who `who' every half hour and writes it to a file with `>>' redirect. |
| 18 |
|
| 19 |
Then once a day the script could mail you the resulting file. |
| 20 |
|
| 21 |
If the other admins are logging in as root... you would see where they |
| 22 |
were logging in from... and possibly identify them that way... also |
| 23 |
`w' may give a little hint as to what they are doing. |
| 24 |
|
| 25 |
Some scanning of the output file would reveal quite a lot of info over |
| 26 |
time. |
| 27 |
|
| 28 |
look at `man w' or `man who' for what you would be getting |
| 29 |
|
| 30 |
The output might look something like this...showing who is logged in |
| 31 |
and from where: |
| 32 |
|
| 33 |
w |
| 34 |
[...] |
| 35 |
USER TTY FROM LOGIN@ IDLE WHAT |
| 36 |
jhc p1 pool-173-70-160- 2:36AM 0 /bin/ksh |
| 37 |
cytroic p3 fw1.appliedcard. 02Jul09 7days screen -x |
| 38 |
st p4 mais2.cat.utexas Wed07PM 20:26 -bash |
| 39 |
rob pa 216-239-45-4.goo Sun11PM 27 screen -rd |
| 40 |
dwa ph 68-116-196-242.d 8:10PM 1:00 -bash |
| 41 |
reader pk c-98-215-178-110 9:57PM 0 w |
| 42 |
mage pq c-65-34-215-99.h Fri10PM 5days screen -r |
| 43 |
|
| 44 |
|
| 45 |
Or use `who' to get a full print of the remote hosts users are logging |
| 46 |
in from: |
| 47 |
|
| 48 |
who |
| 49 |
jhc ttyp1 Jul 30 02:36 (pool-173-70-160-108.nwrknj.fios.) |
| 50 |
cytroic ttyp3 Jul 2 13:59 (fw1.appliedcard.com) |
| 51 |
st ttyp4 Jul 29 19:05 (mais2.cat.utexas.edu) |
| 52 |
rob ttypa Jul 26 23:50 (216-239-45-4.google.com) |
| 53 |
dwa ttyph Jul 30 20:10 (68-116-196-242.dhcp.oxfr.ma.char) |
| 54 |
reader ttypk Jul 30 21:57 (c-98-215-178-110.hsd1.in.comcast) |
| 55 |
mage ttypq Jul 24 22:49 (c-65-34-215-99.hsd1.fl.comcast.n) |
Archives