Linux Log utmp, wtmp ve btmp Dosyaları

Merhaba Değerli Okuyucular, bugün sizler ile Linux Log utmp, wtmp ve btmp Dosyaları: Kullanıcı Oturumları ve Güvenlik İzleme konusuna değinmeye çalışacağız. Linux log dosyaları, işletim sistemi ve uygulamalar tarafından oluşturulan kayıtları içeren dosyalardır. Bu log dosyaları, sistem durumu, hatalar, kullanıcı etkinlikleri ve diğer önemli olayları izleme amacıyla kullanılır. Linux…

View On WordPress

Difference between /var/log/wtmp and /var/run/utmp in linux ?

1. It contains logins and logout information and it cant be viewed as a text file because they are encrypted ones (i.e Available in binary formats) .

2. /var/run/utmp - Currently logged in details .

3. /var/log/wtmp - Shares both the login and logout information of the logged users .

wtmp file keeps records all logins & logouts on Linux. We also have utmp file that keeps and allows us to discover information about who is currently using the Unix box. But, we cannot read these files directly. See how to view logged in uses

Linux User Administration Part-2

Linux User Administration Part-2

User Management

Allow user login without password

For passwordless login, we need to delete the password from the /etc/shadow (encrypted password)

vim /etc/shadow

after this file open delete the password for a user to allow login without password and save the file 

See the below picture where encrypted password marked in red color we delete that and save the file 

linux-user-administration-login-without-password

Do not allow all user to login

For this, we have to create one file let's see 

cat > /etc/nologin

Type Here Message For The User To Know Why He Is Not Able To log in

See The Below Example 

Allow-user-not-to-login

Here we have created the nologin file and update the message to the user

NOTE:- After the activity kindly delete this file accordingly or as per requirement.

Information about USER

finger is the command to check user information 

See the below example for same 

finger -l username

information-about-user

How to monitor USER We can monitor USER activity with below commands

w      It shows who is logged on and what they are doing.

who    show who is logged on

lastlog  check the most recent login of all users

lastb   shows all failed login attempts We can monitor USER activity with below files /var/run/utmp Have the track of current login state for all user

/var/log/wtmp Have all login and logouts details 

/var/log/btmp keeps failed login attempts 

Password Aging

We can change the policy using file /etc/login.defs but this is not recommended so we can use chage command for same chage to modify password policy for the users

chage -l username 

we will get below output 

password-aging

Here we can see the many options

-M this option using we can change the maximum number of days between password change

example chage -M 15 username (using this command) 6th field from above figure will change

-W this option using we can manage the number of days of warning before password expires 

example  chage -W 9 username (using this command) 7th field from the above figure will change 

-E this option using we can manage account expires period 

example  chage -E 2019/02/08 username (using this command) 4th field from the above figure will change 

-I this option using we can manage password expires period

example chage -I 18 username  (using this command) 2nd field from above figure will change  

change the owner and group of file

Command

chown test.root file1

see the below image for reference 

change-ownership-of-file

Group Management

Please remember 

User can be a member of more than one group

More than 1 user can be the group administrator if required

The administrator of the group performs 

add/change/delete password of the group

delete or add the user to that group

group can be reserved to those members only

Commands

add new group

groupadd groupname

check the group 

grep groupname /etc/group

change the gid of the group

groupadd -g 701 groupname

check the group info

grep groupname /etc/group

change the name of the group 

groupmod -g 707 -n newname oldname 

Here groupmod command using option -g for changing gid and -n option for changing group name from oldname to newname, we can check this in grep newname /etc/group

delete group groupdel groupname assign password to the group gpasswd groupname check group password grep groupname /etc/group /etc/shadow allign group admin to particular group who manage group activities gpasswd -A nameoftheuser groupname  here nameoftheuser is admin for group groupname (you can give the name) Adding user to group 

gpasswd -a test sales ( Here we have added user test into sales group )

Restrict Other users to login to the group ( -R option ) 

gpasswd -R sales ( Here we have use option -R to restrict member login to the group sales )

And if want allow then we use -r option 

gpasswd -r sales ( allow group member only to login to the group )

Deleting user from the particular group (we can use -d option)

gpasswd -d test sales (Here we have removed user test from group sales)

Combine /etc/group and /etc/gshadow file 

grpconv

Now Check 

ls /etc/group /etc/gshadow

We can found the output

/etc/group /etc/gshadow

grpunconv

Now Check 

ls /etc/group /etc/gshadow

We can found the output

ls: can not access /etc/ghsadow: No such file or directory

/etc/group

grpconv

Now Check again

ls /etc/group /etc/gshadow

We can found the output for both

/etc/group /etc/gshadow

via Blogger https://ift.tt/2X1Ve8L

sshd Linux Command

sshd

sshd [options]

TCP/IP command. Server for the ssh program, providing a secure remote-login and remote-execution facility equivalent to rlogin and rsh. Normally started at boot, sshd listens for incoming connections, forking a new daemon when one is detected. The forked daemon handles authentication, command execution, and encryption. Most implementations of sshd support both SSH protocols 1 and 2. The following options are those used by OpenSSH, OpenBSD's Secure Shell implementation.

Options

-4 Use only IPv4 addresses. -6 Use only IPv6 addresses. -b bits Use the specified number of bits in the server key. Default is 768. -d Run sshd in the foreground and send verbose debug information to the system log. Process only one connection. Use the specified number of bits in the server key. This option may be specified from one to three times. Each additional -d increases the level of information sent to the system log. -D Do not detach from the foreground process. -e Send output to standard error instead of the system log. -f file Read configuration information from file instead of the default configuration file /etc/ssh/sshd_config. -g seconds Set the grace time a client has to authenticate itself before the server disconnects and exits. The default is 600 seconds. A value of 0 means there is no limit. -h keyfile Read the host's cryptographic key from the specified keyfile instead of from the default file /etc/ssh/ssh_host_key for SSH protocol 1, and the default files /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for SSH protocol 2. The -h option may be given more than once to specify multiple keyfiles. -i Use when running sshd from inetd. -k seconds Set how often the Version 1 server key should be regenerated. Default value is 3600 seconds. If set to 0 seconds, the key will never be regenerated. -o setting Pass a configuration file setting as an option. -p port Listen for connections on port. The default is 22. More than one -p option may be specified. This option overrides ports specified in a configuration file. -q Send no messages to the system log. -t Test configuration files and keys, then exit. -u namelength Specify the length of the remote hostname field in the UTMP structure as specifed in utmp.h. A namelength of 0 will cause sshd to write dotted decimal values instead of hostnames to the utmp file and prevent DNS requests unless required by the authentication mechanism.

from Java Tutorials Corner http://ift.tt/2vX8YCj via IFTTT