Learning about remote users
Brian V. Smith
envbvs at epb6.lbl.gov
Fri Mar 17 09:35:40 AEST 1989
In article <199 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>Suppose that you have a Unix system (BSD, Sys/V, Xenix, etc.) connected to
>a network via the usual TCP-style networking, and you'd like to learn what
>you can about who is logging in. The obvious thing to do is to insert some
>things into the local .login (or .profile or .kshrc or /etc/profile or ...)
>that invokes a little (?) program whose purpose is to create an audit trail
>of remote logins. Is it possible to learn anything interesting about the
>remote user?
>
>The first problem, of course, is identifying which logins are remote, and
>where they come from. You can usually determine the latter by looking at
>the major/minor device numbers on the stdio files, and checking to see if
>they are pseudo-terminals. Will this work everywhere? What systems, if
>any, are exceptions?
>
>As for identifying the originating system, I suspect that it is doable,
>though I haven't yet determined how to do it. The evidence I have that
>it is doable is that who(1) does it on BSD systems. Does anyone know
>how it is done?
Yes, the program 'who' shows both the tty (pseudo-tty for remote login)
and the originating machine in parentheses. This holds true for 4.2BSD,
Ultrix and SunOS systems. I don't know about any others.
Brian V. Smith
Lawrence Berkeley Laboratory, Berkeley
--------------------------------------
We don't need no stinking signatures!
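An added example, not part of the original post or of any poster's code: who(1) takes the tty and the originating machine from the login accounting file (utmp), where the login path records the remote host, and the C sketch below reads the same records to build the audit trail the question asks about. It assumes the utmpx interface with the `ut_host` field (present on glibc and the BSDs); the function names and the sample records are constructed for illustration, and treating a `:0`-style X display as local is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* A login counts as remote when its record names an originating host.
 * Assumption: a host field starting with ':' is a local X display. */
int is_remote(const struct utmpx *u)
{
    if (u->ut_type != USER_PROCESS) return 0;  /* skip boot/getty/dead entries */
    if (u->ut_host[0] == '\0') return 0;       /* console or serial line */
    if (u->ut_host[0] == ':') return 0;        /* local X display */
    return 1;
}

/* Write one audit line into out; returns 1 if the record was remote.
 * utmpx fields are fixed-width and may lack a trailing NUL, so every
 * %s is given an explicit maximum length. */
int audit_line(const struct utmpx *u, char *out, size_t outlen)
{
    if (!is_remote(u)) return 0;
    snprintf(out, outlen, "remote-login user=%.*s tty=%.*s from=%.*s",
             (int)sizeof u->ut_user, u->ut_user,
             (int)sizeof u->ut_line, u->ut_line,
             (int)sizeof u->ut_host, u->ut_host);
    return 1;
}

/* Build a constructed record (sample data, not a real login). */
struct utmpx sample(short type, const char *user, const char *line,
                    const char *host)
{
    struct utmpx u;
    memset(&u, 0, sizeof u);
    u.ut_type = type;
    strncpy(u.ut_user, user, sizeof u.ut_user - 1);
    strncpy(u.ut_line, line, sizeof u.ut_line - 1);
    strncpy(u.ut_host, host, sizeof u.ut_host - 1);
    return u;
}

int main(void)
{
    struct utmpx *u;
    char buf[512];

    setutxent();                       /* rewind the accounting file */
    while ((u = getutxent()) != NULL)  /* same records who(1) prints */
        if (audit_line(u, buf, sizeof buf))
            puts(buf);
    endutxent();
    return 0;
}
```

The host field is filled in by the login path on the local machine from what the network daemon reports, so it identifies the connecting machine, not the person using it.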