01-11-2009, 07:54 AM
"Dotan Cohen"

Who is logged into this box?

On a machine that I have root access to, how can I see who is logged
into the machine? Specifically, I suspect that a malicious entity is
logging on in a compromised account over SSH, even while the account's
user is sitting at the machine and logged in, so if I can catch two
simultaneous login sessions (one on the physical hardware, one over
ssh) then I can be sure. Thanks.

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-*-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه*-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-*-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-*-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
 
01-11-2009, 08:00 AM
steve

Who is logged into this box?

Dotan Cohen wrote:
> On a machine that I have root access to, how can I see who is logged
> into the machine? Specifically, I suspect that a malicious entity is
> logging on in a compromised account over SSH, even while the account's
> user is sitting at the machine and logged in, so if I can catch two
> simultaneous login sessions (one on the physical hardware, one over
> ssh) then I can be sure. Thanks.
>

I believe just typing w in a command line should dump all users.





--
Steve Reilly

http://reillyblog.com





--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
01-11-2009, 08:01 AM
Bob Cox

Who is logged into this box?

On Sun, Jan 11, 2009 at 10:54:25 +0200, Dotan Cohen (dotancohen@gmail.com) wrote:

> On a machine that I have root access to, how can I see who is logged
> into the machine? Specifically, I suspect that a malicious entity is
> logging on in a compromised account over SSH, even while the account's
> user is sitting at the machine and logged in, so if I can catch two
> simultaneous login sessions (one on the physical hardware, one over
> ssh) then I can be sure. Thanks.

Just typing "w" (without the quotes) should be adequate.

--
Bob Cox. Stoke Gifford, near Bristol, UK.
Please reply to the list only. Do NOT send copies directly to me.
Debian on the NSLU2: http://bobcox.com/slug/


 
01-11-2009, 08:04 AM
"Dotan Cohen"

Who is logged into this box?

2009/1/11 steve <sfreilly@roadrunner.com>:
> Dotan Cohen wrote:
>> On a machine that I have root access to, how can I see who is logged
>> into the machine? Specifically, I suspect that a malicious entity is
>> logging on in a compromised account over SSH, even while the account's
>> user is sitting at the machine and logged in, so if I can catch two
>> simultaneous login sessions (one on the physical hardware, one over
>> ssh) then I can be sure. Thanks.
>>
>
> I believe just type w in a command line should dump all users.
>

Whatever happened to long, complicated commands?!?

Thanks!

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-*-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه*-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-*-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-*-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
 
01-11-2009, 08:16 AM
steve

Who is logged into this box?

Dotan Cohen wrote:
> 2009/1/11 steve <sfreilly@roadrunner.com>:
>> Dotan Cohen wrote:
>>> On a machine that I have root access to, how can I see who is logged
>>> into the machine? Specifically, I suspect that a malicious entity is
>>> logging on in a compromised account over SSH, even while the account's
>>> user is sitting at the machine and logged in, so if I can catch two
>>> simultaneous login sessions (one on the physical hardware, one over
>>> ssh) then I can be sure. Thanks.
>>>
>> I believe just type w in a command line should dump all users.
>>
>
> What ever happened to long, complicated commands?!?
>
> Thanks!
>

ok lol

w -h -u -s -f -o >users.txt


I often wondered where some of these commands got their name from
myself. w? And that is short for user in what way??






--
Steve Reilly

http://reillyblog.com





 
01-11-2009, 08:34 AM
Rick Thomas

Who is logged into this box?

On Jan 11, 2009, at 4:16 AM, steve wrote:

> i often wondered where some of these commands got their name from
> myself. w? and that is short for user in what way??

It's short for "who(1)", which does much the same thing, but
differently.


Rick


 
01-11-2009, 09:01 AM
Tzafrir Cohen

Who is logged into this box?

On Sun, Jan 11, 2009 at 09:01:57AM +0000, Bob Cox wrote:

> Just typing "w" (without the quotes) should be adequate.

While we're at it:

"w" # (with the quotes) will actually do the same thing on the shell ;-)

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


 
01-11-2009, 09:34 AM
Bob Cox

Who is logged into this box?

On Sun, Jan 11, 2009 at 10:01:59 +0000, Tzafrir Cohen (tzafrir@cohens.org.il) wrote:

> On Sun, Jan 11, 2009 at 09:01:57AM +0000, Bob Cox wrote:
>
> > Just typing "w" (without the quotes) should be adequate.
>
> While we're at it:
>
> "w" # (with the quotes) will actually do the same thing on the shell ;-)

You are right - thank you! Next time I shall have to say something
like "the quotes are not necessary", or, more correctly "the quotation
marks are not necessary".

Personally, I call them inverted commas, but I think that's a British
English thing.

--
Bob Cox. Stoke Gifford, near Bristol, UK.
Please reply to the list only. Do NOT send copies directly to me.
Debian on the NSLU2: http://bobcox.com/slug/


 
01-11-2009, 09:56 AM
"Koh Choon Lin"

Who is logged into this box?

>> > Just typing "w" (without the quotes) should be adequate.
>>
>> While we're at it:
>>
>> "w" # (with the quotes) will actually do the same thing on the shell

who has more info than w.


--
Koh Choon Lin


 
01-11-2009, 10:05 AM
"Dotan Cohen"

Who is logged into this box?

2009/1/11 Koh Choon Lin <kohchoonlin0@gmail.com>:
>>> "w" # (with the quotes) will actually do the same thing on the shell
>
> who has more info than w.
>

You tell me!

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-*-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه*-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-*-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-*-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
 

All times are GMT.