Yeah, you have to be root. If you can't log in remotely as root, you're SOL.
If you can't su to root and can't log in remotely as root, you may be out of luck.
Sweet! Thanks guys, I got the su working exactly like I want, only rick420 can su now. I would like to get that real time logging working, that's next on my list. What logs are the most important for me to look at to see what is going on in there?
> Weird, the colon works on my system. I've just always used a period...

No, it's weird that the period works: the colon has been default in every UNIX. If you try on BSD, old Unices, etc., the colon will always work. The period won't.
> Sweet! Thanks guys, I got the su working exactly like I want, only rick420 can su now. I would like to get that real time logging working, that's next on my list. What logs are the most important for me to look at to see what is going on in there?

Keep an eye on those:
- /var/log/auth.log
- /var/log/faillog (you can (and must) see this with the command faillog)
- /var/log/lastlog (you must see this with lastlog)
- /var/log/syslog
- /var/log/messages
I like to use 'root-tail' to see those. root-tail is a program that does 'tail -f' but on your root window (look at this screenshot in the bottom right corner). Very useful.
And be sure to learn about ngrep or tcpdump (ngrep is better IMO). Very useful!
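As an added example (not part of the thread and not any poster's code): a small shell function that turns /var/log/auth.log, the first file in the list above, into failure counts per source address and per local user. The two message formats it matches and the sample lines are assumptions constructed for illustration; compare them with what your own log contains.

```shell
#!/bin/sh
# Added example: count failed SSH and su logins in auth.log-style input.
# Assumed formats: OpenSSH "Failed password ..." and pam_unix
# "authentication failure" lines; check them against your own log.

# Constructed sample lines, not taken from a real system.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 box sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 box sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:16:40 box sshd[1210]: Accepted password for rick420 from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:12 box su[1222]: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=root
Mar  3 10:18:30 box sshd[1230]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:19:02 box su[1240]: pam_unix(su:session): session opened for user root by rick420(uid=1000)
EOF
}

# Reads log lines on stdin, prints "<kind> <who> <count>", sorted.
summarize_auth() {
    awk '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is remote-supplied text, so take the address by
        # position from the end: "... from ADDR port N ssh2".
        if ($(NF - 4) == "from") ssh[$(NF - 3)]++
    }
    /pam_unix\(su:auth\): authentication failure/ {
        # ruser= is the local account that ran su.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^ruser=/) su[substr($i, 7)]++
    }
    END {
        for (a in ssh) print "ssh_fail", a, ssh[a]
        for (u in su) print "su_fail", u, su[u]
    }' | LC_ALL=C sort
}

# Stand-alone run on the sample; on a real box, as root:
#   summarize_auth < /var/log/auth.log
sample_log | summarize_auth
```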
I have the following script set to run continuously on tty12:
Code:
# Redraw a login summary every 10 minutes.
# lastb reads /var/log/btmp, which is normally readable only by root.
while :
do
    clear
    echo "Total Failed Logins:"
    echo "--------------------"
    faillog | grep -v Username    # per-user failure counters, header removed
    echo
    echo "Last Successful Logins:"
    echo "-----------------------"
    lastlog | grep -v Username    # most recent login of each account
    echo
    echo "Last 5 Failed Logins:"
    echo "---------------------"
    lastb -5
    echo
    echo "Last 5 Successful Logins:"
    echo "-------------------------"
    last -5
    sleep 600
done
and that basically will tell you all you need to know about the login attempts on your box. The output is nicely formatted and you don't have to worry about trying to read cryptic log files -- also, you're only using one console, so it's more efficient.
> No, it's weird that the period works: the colon has been default in every UNIX. If you try on BSD, old Unices, etc., the colon will always work. The period won't.

This is the first I've heard of it.
Fetzaa:
Looks nice, but when people say "I use this script" how do I use that script? What do I have to do with that to make it work? I'm sorry, I'm a Cisco-type of guy, not a programmer unfortunately.
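Code:
# Redraw a login summary every 10 minutes.
# lastb reads /var/log/btmp, which is normally readable only by root.
while :
do
    clear
    echo "Total Failed Logins:"
    echo "--------------------"
    faillog | grep -v Username    # per-user failure counters, header removed
    echo
    echo "Last Successful Logins:"
    echo "-----------------------"
    lastlog | grep -v Username    # most recent login of each account
    echo
    echo "Last 5 Failed Logins:"
    echo "---------------------"
    lastb -5
    echo
    echo "Last 5 Successful Logins:"
    echo "-------------------------"
    last -5
    sleep 600
done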
So I am kinda clueless on how to use that, can you point me in the right direction?