Q. How do I monitor Linux user activity in real time?
A. The whowatch program scans the current log file of the Linux server and displays the following statistics in real time:
=> The users currently logged on to the machine, in real time
=> User login name
=> User tty
=> User host name
=> User's process
=> The type of the connection (i.e. telnet or ssh)
=> The display of a user's command line can be switched to tty idle time
=> A particular user can be selected and his process tree viewed, as well as the tree of all system processes
=> Kill user processes, etc.
I have already written about how to install and configure whowatch. Please refer to this previous article.
Q. I am running SSH/MySQL/web server and have set up an iptables-based firewall, but my logs are sent to the console rather than the system log files. How do I make sure that iptables LOG target messages are sent to the /var/log/messages file?
A. The iptables LOG module turns on kernel logging of matching packets. When this option is set for a rule, the Linux kernel prints some information on all matching packets (such as most IP header fields) via the kernel log, where it can be read with dmesg or syslogd.
You can set the logging level with the option --log-level level. syslogd writes kernel messages of a given level to the files that syslog.conf selects for them, so choose a level that is routed to /var/log/messages. Note that LOG is a non-terminating target: rule traversal continues with the next rule, so to drop the packets you log, follow the LOG rule with a DROP rule that uses the same match. For example, to LOG all incoming TCP port 22 packets at level crit:
iptables -I INPUT -j LOG --log-level crit -p tcp --dport 22
Read the man pages of iptables and syslog.conf for more information.
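Once the LOG messages reach a syslog file, they can be summarised per source address. The following is an added example, not part of the original article: a Python parser for IPv4 LOG records, where the sample lines, the host name fw1 and the function names parse_log_line and count_by_source are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format the LOG target writes via the kernel log.
# Host name and addresses are invented (documentation ranges), not real data.
SAMPLE_LOG = """\
Jan  5 10:15:01 fw1 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  5 10:15:02 fw1 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51516 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  5 10:15:02 fw1 sshd[812]: Failed password for root from 203.0.113.5 port 51514 ssh2
Jan  5 10:15:04 fw1 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=51520 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  5 10:15:09 fw1 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=901 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  5 10:15:11 fw1 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=902 DF PROTO=TCP SPT=40030 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_log_line(line):
    """Return the fields of one iptables LOG record, or None for any other line."""
    _, sep, payload = line.partition(" kernel: ")
    if not sep:
        return None
    fields = dict(FIELD_RE.findall(payload))
    # An IPv4 LOG record carries IN=, OUT=, SRC= and DST= (OUT= is empty on INPUT).
    if not {"IN", "OUT", "SRC", "DST"} <= fields.keys():
        return None
    # TCP flags are logged as bare words, not KEY=VALUE pairs.
    fields["FLAGS"] = [tok for tok in payload.split() if tok in TCP_FLAGS]
    return fields

def count_by_source(log_text, dport):
    """Count logged TCP packets per source address for one destination port."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and rec.get("PROTO") == "TCP" and rec.get("DPT") == str(dport):
            hits[rec["SRC"]] += 1
    return hits

if __name__ == "__main__":
    for src, n in count_by_source(SAMPLE_LOG, 22).most_common():
        print(f"{src:15} {n} packet(s) to tcp/22")
```

On a live system, pass the contents of the file that syslog.conf routes kernel messages to (such as /var/log/messages) instead of SAMPLE_LOG.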
Both rsh and rlogin prompt for a password. All you need to do is open the /etc/hosts.equiv file on the host system and add entries for all hosts you would like to use without a password.
This file lists the hosts and users that are granted "trusted" r command (rsh/rlogin) access to your system without supplying a password.
$ cat /etc/hosts.equiv
In the above file, the hosts job1, job2 and job3 can connect without a password.
Caution: The r commands (rsh/rlogin) are very insecure; if possible, switch to secure shell (ssh). You can configure ssh so that it does not prompt for a password.