02-08-2001 08:15 AM
Help with tracking user from a remote terminal
First, how can I take away remote login from a particular userid?
Second, I am using HPUNIX and I have a generic userid named forte for my application. Some individual having access to this id has been killing processes and I would like to know how to track him/her down. I was told that there is a way to track a type of terminal tty to a particular phone line number. I suspect the individual is logging in from home using a phone line.
Your help will be most appreciated.
Thanks,
Ana
02-08-2001 08:32 AM
Re: Help with tracking user from a remote terminal
Using the 'last
If it's through a modem line, you could simply de-activate the login on that modem line, unless you actually need it permanently.
Editing /etc/inetd.sec could help in restricting logins to your local network.
See manual page for inetd.sec for details.
Best regards,
Dan
02-08-2001 09:00 AM
Re: Help with tracking user from a remote terminal
Thank you for your help Dan, I really appreciate it.
I did go through the output of the command last as it concerns the specific user 'forte' and I got a list sort of like this:
forte pts/te 1xx.1xx.1xx.2xx Fri Feb 2 15:24 - 15:25 (00:00)
forte pts/tf 1xx.1xx.1xx.2xx Fri Feb 2 15:08 - 15:51 (00:42)
forte pts/tg 1xx.1xx.1xx.2xx Fri Feb 2 15:05 - 15:37 (00:31)
forte pts/tc 1xx.1xx.1xx.2xx Fri Feb 2 14:19 - 14:27 (00:08)
forte pts/ta sxxx.marxx Thu Feb 8 05:20 - 05:40 (00:20)
forte pts/tf sxxx.marrio Wed Feb 7 21:39 - 02:59 (05:20)
I am not sure what I can do with it though. I don't know how to track anything down. There are literally thousands of people who receive IP addresses via DHCP and I don't know what the differences are on the pts/t*. For instance, what are the differences between pts/tf and pts/ta and so forth, and how can I use this to track people down?
Also, could someone please answer my question on how I can restrict the remote login for a specific user? I am sure there is a way to disable remote logins for a user but I don't know how myself. I need commands for this, a quick example if you will.
Thanks,
Ana
02-08-2001 09:08 AM
Re: Help with tracking user from a remote terminal
There is no difference between pts/ty and pts/tz apart from numbering. They are pseudo-terminals.
The most interesting thing is the IP address coming immediately after. This is the IP address or host name your user is coming from.
The last field shows you when the login took place and for how long.
You could use this input to track down the 'culprit' and deny login from that IP address using /etc/inetd.sec
Best regards,
Dan
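Added example, not part of the thread: one way to turn the `last` columns described in the reply above into a per-origin summary for a shared account such as forte. The sample lines are constructed (placeholder addresses and host names), the function names are hypothetical, and the 08:00-18:00 business-hours window is an assumption.

```shell
#!/bin/sh
# Constructed sample in the column layout of the thread's `last` output;
# addresses and host names are placeholders, not values from the thread.
sample_last() {
cat <<'EOF'
forte pts/te 192.0.2.10 Fri Feb 2 15:24 - 15:25 (00:00)
forte pts/tf 192.0.2.10 Fri Feb 2 15:08 - 15:51 (00:42)
forte pts/tc 192.0.2.10 Fri Feb 2 14:19 - 14:27 (00:08)
forte pts/ta dialin.example Thu Feb 8 05:20 - 05:40 (00:20)
forte pts/tf dialin.example Wed Feb 7 21:39 - 02:59 (05:20)
forte console Thu Feb 8 09:00 - 09:05 (00:05)
forte pts/tb 192.0.2.77 Thu Feb 8 11:02 still logged in
EOF
}

# summarize_origins USER (hypothetical helper): reads last(1) lines on stdin,
# prints "origin sessions total_minutes off_hours_sessions" per origin.
summarize_origins() {
    awk -v user="$1" '
    # Keep only lines for this user that carry an origin (field 7 is HH:MM).
    $1 == user && $7 ~ /^[0-9][0-9]:[0-9][0-9]$/ {
        origin = $3
        sessions[origin]++
        # Duration is "(HH:MM)" or "(D+HH:MM)"; open sessions have none.
        dur = $NF
        if (dur ~ /^\(.*\)$/) {
            gsub(/[()]/, "", dur)
            days = 0
            p = index(dur, "+")
            if (p) { days = substr(dur, 1, p - 1); dur = substr(dur, p + 1) }
            split(dur, hm, ":")
            minutes[origin] += days * 1440 + hm[1] * 60 + hm[2]
        }
        # Count logins that start outside the assumed 08:00-18:00 window.
        hour = substr($7, 1, 2) + 0
        if (hour < 8 || hour >= 18) off[origin]++
    }
    END {
        for (o in sessions)
            printf "%s %d %d %d\n", o, sessions[o], minutes[o], off[o]
    }' | sort
}

sample_last | summarize_origins forte
```

On a live system the input would be `last | summarize_origins forte`; origins with many off-hours sessions are the ones to compare against DHCP lease or dial-in records.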
02-08-2001 06:29 PM
Re: Help with tracking user from a remote terminal
I think Dan has his wizard cap screwed on a wee bit too tight :). The inetd security file is /var/adm/inetd.sec, not /etc/inetd.sec. Otherwise, Dan's answer, as always, is right on target. (2300 points and only one mistake!)
--Bruce
02-08-2001 07:08 PM
Re: Help with tracking user from a remote terminal
One way to prevent a remote user from logging in from remote would be to block him in /etc/profile. In this way, you can be selective as to which specific remote users you want to block from logging in from a list of remote sites while letting other remote users access your system.
Giving you an idea of the lines you can include in your /etc/profile:
===========================================
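# Terminal name as last(1) reports it, e.g. pts/te (from /dev/pts/te)
mytty=`tty | cut -d/ -f3-`
# Origin (IP address or host name) of the most recent login on this terminal
mylocation=`last | grep "$mytty" | head -1 | awk '{print $3}'`
# Block only when both the user and the origin are listed. -F -x matches
# whole lines literally, so entries must appear exactly as last prints them.
if grep -Fx "$LOGNAME" /etc/blacklistusers >/dev/null 2>&1 &&
   grep -Fx "$mylocation" /etc/blacklistlocations >/dev/null 2>&1
then
echo "You are not allowed to login from $mylocation"
exit
fi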
===========================================
You will need to populate /etc/blacklistusers with the list of users and /etc/blacklistlocations with the list of remote IPs you wish to block.
Hope this helps. Regards.
Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
02-08-2001 11:40 PM
Re: Help with tracking user from a remote terminal
You're right! The reason why I don't remove my hat is because I'm bald and don't want to catch the flu.
You're quite far from the truth when you say that this is my only wrong answer in 2300 points (:-))
The file is, of course, /var/adm/inetd.sec. Thank you for correcting my mistake.
Kindest regards,
Dan
02-09-2001 04:59 AM
Re: Help with tracking user from a remote terminal
If I pinpoint the culprit and he/she has a static IP then I will blacklist it.
Ana
02-09-2001 07:12 AM
Re: Help with tracking user from a remote terminal
Jim Trice