Other System Logfiles

There are two other system logfiles that have nothing to do with the syslog daemon: /var/run/utmp and /var/log/wtmp. These logfiles keep track of information about logins. The first file, utmp, tracks the current system state and is used by commands like finger, write, or who. The man page for utmp warns that many system programs foolishly depend on its integrity, which is why utmp must never be writable by ordinary users.

The second file, /var/log/wtmp, archives login information. It can be a valuable way to see who logs in and with what regularity. Since the file is in a binary format, you need something besides a text editor to get at the information it contains. To see the contents of the wtmp file, type last | more. This shows who has logged in and from where. If the file is mysteriously empty or nulled, this is a sign that you have been hacked. Truncating these files is a common practice to cover one's tracks.
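Because wtmp is binary, the checks above are easier to automate than to eyeball. The following added example (not from the book) decodes wtmp records, prints a last-style summary, and flags the two tampering signs the text mentions: an empty file and nulled (all-zero) records. It assumes the glibc x86_64 Linux record layout (384 bytes); other platforms differ, and the sample data at the bottom is constructed.

```python
import struct
import sys
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86_64 Linux (384-byte records).
# Fields: ut_type, pad, ut_pid, ut_line, ut_id, ut_user, ut_host,
#         ut_exit (2 shorts), ut_session, ut_tv (sec, usec), ut_addr_v6, unused
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values for a login and a logout

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Decode wtmp bytes into (ut_type, user, line, host, epoch_seconds) tuples."""
    if len(data) % UTMP_SIZE:
        raise ValueError("file size is not a multiple of %d bytes" % UTMP_SIZE)
    out = []
    for off in range(0, len(data), UTMP_SIZE):
        f = struct.unpack(UTMP_FMT, data[off:off + UTMP_SIZE])
        out.append((f[0], _cstr(f[4]), _cstr(f[2]), _cstr(f[5]), f[9]))
    return out

def audit_wtmp(data):
    """Return findings that suggest the login history was tampered with."""
    if not data:
        return ["wtmp is empty: possible truncation to cover tracks"]
    findings = []
    for i, (ut_type, user, line, host, sec) in enumerate(parse_wtmp(data)):
        if ut_type == 0 and not (user or line or host or sec):
            findings.append("record %d is all zeros: entry may have been nulled" % i)
    return findings

def format_last(data):
    """Produce last-style lines (user, tty, host, UTC time) for login records."""
    lines = []
    for ut_type, user, line, host, sec in parse_wtmp(data):
        if ut_type == USER_PROCESS:
            when = datetime.fromtimestamp(sec, timezone.utc).strftime("%Y-%m-%d %H:%M")
            lines.append("%-8s %-8s %-15s %s" % (user, line, host, when))
    return lines

def make_record(ut_type, pid, line, user, host, sec):
    """Build one record; used here only to construct sample data."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, sec, 0, 0, 0, 0, 0)

# Constructed sample: one login, its logout, then a zeroed record.
SAMPLE_WTMP = (make_record(USER_PROCESS, 1234, "pts/0", "alice", "10.0.0.5", 1700000000)
               + make_record(DEAD_PROCESS, 1234, "pts/0", "", "", 1700003600)
               + b"\0" * UTMP_SIZE)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WTMP
    print("\n".join(format_last(data)))
    for finding in audit_wtmp(data):
        print("WARNING:", finding)
```

Run it with a path such as /var/log/wtmp to audit a real file; the output is a cross-check for last, not a replacement for it.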

Hardening Linux
ISBN: 0072254971
Year: 2004
