Scientific Linux Forum.org




> Security Audit, Proper usage of rkhunter
scilinuix
 Posted: Feb 10 2015, 04:57 PM
Hello,

I wanted to perform a simple audit by running "last" to check for remote login. The output is shown below:

PARTIAL EXTRACT

nuser pts/1 :0 Tue Feb 10 10:59 still logged in
nuser pts/0 :0 Tue Feb 10 10:23 still logged in
nuser :0 :0 Tue Feb 10 10:22 still logged in
(unknown :0 :0 Tue Feb 10 04:49 - 10:22 (05:32)
nuser pts/3 :0 Mon Feb 9 16:05 - 04:49 (12:44)
nuser pts/0 :0 Mon Feb 9 10:48 - 04:49 (18:01)
nuser pts/2 :0 Mon Feb 9 10:12 - 04:49 (18:37)
nuser pts/1 :0 Thu Feb 5 14:30 - 04:49 (4+14:19)
nuser pts/0 :0 Thu Feb 5 13:55 - 10:26 (3+20:30)
nuser :0 :0 Thu Feb 5 13:41 - 04:49 (4+15:08)
(unknown :0 :0 Thu Feb 5 13:40 - 13:41 (00:01)
reboot system boot 3.10.0-123.20.1. Thu Feb 5 08:39 - 11:56 (5+03:16)
nuser pts/0 :0 Thu Feb 5 13:11 - 13:39 (00:27)
nuser :0 :0 Thu Feb 5 13:07 - 13:39 (00:32)
(unknown :0 :0 Thu Feb 5 13:06 - 13:07 (00:00)

This question is for anyone with security audit experience.

How do I track down the source of the unknown user in the output log? Any help will be appreciated. Thanks

helikaon
 Posted: Feb 11 2015, 08:45 AM
Hi,
read this (and be enlightened by meeting this special kind of bug - Gnome bug :D)

bugzilla

unixstack forum

cheers :]

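An added example, not part of either post: a Python script that parses `last` output in the layout shown in the first post and labels where each session originated, on the basis that a FROM value beginning with ":" names a local X display rather than a network host. The last two sample lines and all function names are constructed for illustration.

```python
"""Classify the origin of each session in `last` output (added example)."""

DAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}
MONTHS = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}
PSEUDO_USERS = {"reboot", "shutdown", "runlevel"}  # boot records, not logins

# First four lines are from the post; the last two are constructed for the demo
# (192.0.2.10 is a documentation address, tty1 a text console).
SAMPLE = """\
nuser pts/1 :0 Tue Feb 10 10:59 still logged in
nuser :0 :0 Tue Feb 10 10:22 still logged in
(unknown :0 :0 Tue Feb 10 04:49 - 10:22 (05:32)
reboot system boot 3.10.0-123.20.1. Thu Feb 5 08:39 - 11:56 (5+03:16)
nuser pts/4 192.0.2.10 Wed Feb 4 22:15 - 22:40 (00:25)
nuser tty1 Wed Feb 4 09:00 - 09:10 (00:10)
"""

def classify(user, host):
    if user in PSEUDO_USERS:
        return "system"
    if not host:
        return "local-console"   # no origin recorded, e.g. a text console
    if host.startswith(":"):
        return "local-display"   # X display on this machine, e.g. ":0"
    return "remote"              # hostname or IP address recorded at login

def parse_line(line):
    tok = line.split()
    if not tok or tok[0] == "wtmp":       # blank line or "wtmp begins ..." footer
        return None
    # The FROM column may be empty, so locate the timestamp (weekday + month)
    # and treat whatever sits between the tty and the timestamp as the host.
    for i in range(2, len(tok) - 1):
        if tok[i] in DAYS and tok[i + 1] in MONTHS:
            break
    else:
        return None
    user, tty = tok[0], tok[1]
    host = tok[2] if i > 2 and user not in PSEUDO_USERS else ""
    return {"user": user, "tty": tty, "host": host,
            "when": " ".join(tok[i:i + 4]), "origin": classify(user, host)}

def audit(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def remote_logins(text):
    return [r for r in audit(text) if r["origin"] == "remote"]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f'{r["origin"]:14} {r["user"]:9} {r["tty"]:7} {r["host"]:12} {r["when"]}')
```

Run against the extract in the first post, every "(unknown" row is labelled local-display, so none of them counts as a remote login.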