Other System Logfiles

Previous page
Table of content
Next page

There are two other system logfiles that have nothing to do with the syslog daemon: /var/run/utmp and /var/log/wtmp. These logfiles keep track of information about logins. The first file, utmp, tracks the current system state and is used by commands like finger , write , or who . The man page for utmp warns that many system programs foolishly depend on its integrity if utmp is writable to any user .

The second file, /var/log/wtmp/, archives login information. It can be a valuable way to see who logs in and with what regularity. Since the file is a binary format you need something besides a text editor to get at the information it contains. To see the contents of the wtmp file, type last more . This shows who has logged in and from where. If the file is mysteriously empty or nulled, this is a sign that you have been hacked. Truncating these files is a common practice to cover one s tracks.



Previous page
Table of content
Next page
Hardening Linux
Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
Authors: John Terpstra, Paul Love, Ronald P. Reck, Tim Scanlon
BUY ON AMAZON
Qshell for iSeries
SQL Tips & Techniques (Miscellaneous)
Mapping Hacks: Tips & Tools for Electronic Cartography
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Mastering Delphi 7
Java All-In-One Desk Reference For Dummies
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy