Linux / UNIX find out what other users are doing?

last updated in Categories , , , , , ,

Q. Can you explain the command to find what users are doing on my UNIX / Linux system?

A. Both Linux and UNIX (FreeBSD/Solaris) has w command to show who is logged on and what they are doing.

The w command prints a summary of the current activity on the system, including what each user is doing.

=> The first line displays the current time of day

=> How long the system has been running

=> The number of users logged into the system

=> The load averages. The load average numbers give the number of jobs in the run queue averaged over 1, 5 and 15 minutes.

You can also use ps command which shows you process that are running on the system.

Type w command displays information about the users currently on the machine, and their processes.

Show who is logged on and what they are doing with w command

The fields output are the user’s login name, the name of the terminal the user is on, the host from which the user is logged in, the time the user logged on, the time since the user last typed anything, and the name and arguments of the current process.
$ w
Output:

radm    pS 66.90.90.102     Sun01PM  1day -bash
raj     pW 192.168.1.100.  7:42AM     5 ssh root@202.54.1.20
miku    pX a80-186-82-84.el  7:28AM    10 screen irssi
vivek   pY 196.15.193.111    4:11AM     0 nano -w hireme
rani    q0 dslbr0.bsnl.in    7:32AM    12 lynx http://slashdot.org/
jadmin  q2 dslbr5.bsnl.in    7:33AM     0 ssh jadmin@host.cyberciti.info
gad     q3 dslbr76.bsnl.in   7:40AM     0 -ksh
bencs   q5 dslbr22.bsnl.in   7:44AM     5 -zsh
vivek   q6 gw11-vsnl.in      7:47AM    11 -bash

You can use the ps command shows you processes that are running on the system:

$ ps -au | more
$ ps -au | less

So you can use both w and ps commands to find out who’s doing what.

How can I find out who is logged on my UNIX / Linux system?

last updated in Categories , , , , , ,

Q. How do I display who is on the UNIX / Linux system?

A. On a Linux (on Solaris/FreeBSD or any other UNIX) system, many users will be sharing the same server.

Users will use telnet (outdated and insecure) or ssh (secure and highly recommended) to login remotely.

So if you want to find out your friend or a coworker is logged in or not, use the following commands.

If you want to find out who’s logged in on the Linux server including what time they logged in and from which network computer then you can use who command:

who command ~ show who is logged on

who commands works with almost all Linux and UNIX like oses. It show who is logged on to your system. It displays information about currently logged in users. By default, this includes the login name, tty name, date and time of login and remote hostname if not local.
$ who
Output:

raj     ttypV    Jan 17 07:23   .     (192.168.1.10)
ben     ttypW    Jan 17 07:42   .     (192.168.1.11)
miku    ttypX    Jan 17 07:28   .     (user-del-net-202.vsnl.net.in)
root    ttypY    Jan 17 04:11   .     (196.15.183.151)
roomy   ttyq0    Jan 17 07:32   .     (org-rev-1.bsnl.net.in)
anita   ttyq2    Jan 17 07:33   .     (192.168.5.112)
gads    ttyq3    Jan 17 07:40   .     (gtw-1.nixcraft.in)
bencs   ttyq5    Jan 17 07:44   .     (dsl5.bsnl.co.in)
pol20um ttyq6    Jan 17 07:47   .     (gtw-2.nixcraft.co.in)

Sometime you just want to find out if user raj logged in or not then you can use grep command:

$ who | grep raj

Try out following command if you have more than 20+ users logged in (so that you can see one page of logged in users at a time):

$ who | less
$ who | more

How do I find out the MAC address of my Linux or FreeBSD system?

last updated in Categories , , , , ,

Q. Can you tell me how can I find out MAC address under Linux or FreeBSD server?

A. A mac address is acronym for media access control address, is a unique address assigned to almost all-networking hardware such as Ethernet cards, router etc. Most layer 2 network protocols use one of three numbering spaces managed by the IEEE: MAC-48, EUI-48, and EUI-64, which are designed to be globally unique. (see mac address at wikipedia for more information).

Following command work with Linux and other UNIX oses:

ifconfig command

Ifconfig is used to configure the kernel-resident network interfaces.

In order to find out MAC address of system you can use ifconfig command as follows:
$ /sbin/ifconfig | grep HWaddr
Output:

eth0      Link encap:Ethernet  HWaddr 00:0F:EA:91:04:07

OR

$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:EA:91:04:07
        inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
        inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:60400 errors:0 dropped:0 overruns:0 frame:0
        TX packets:109216 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:69273219 (66.0 MiB)  TX bytes:14285799 (13.6 MiB)
        Interrupt:18 Base address:0xc000

lo        Link encap:Local Loopback
        inet addr:127.0.0.1  Mask:255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING  MTU:16436  Metric:1
        RX packets:3869 errors:0 dropped:0 overruns:0 frame:0
        TX packets:3869 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:396498 (387.2 KiB)  TX bytes:396498 (387.2 KiB)

OR as a root user type following command:

# grep eth0 /var/log/dmesg
eth0: RealTek RTL8139 at 0xc000, 00:0f:ea:91:04:07, IRQ 18
eth0:  Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1

FreeBSD example

# ifconfig
Output:

lnc0: flags=108843 mtu 1500
        inet 74.xx.yy.zzz netmask 0xfffffff0 broadcast 74.xx.yyy.zzz
        ether 00:0c:29:b8:92:8b
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000

See also:

Howto: Prevent root user from being able to log in via SSH service

last updated in Categories , , ,

Securing root account is one of the main tasks. Most systems have a password assigned to the root account. The first thing you do is assume that the password is always compromised. This does not mean that you should remove the password. The password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console. Direct root logins should only be allowed via the system console.

1) Login as a root user

2) Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config

3) Make changes to ssh server configuration find the following line or edit the line from:
PermitRootLogin yes

Change it to:
PermitRootLogin no

4) Save the changes

5) Restart sshd service
# /etc/init.d/sshd restart

The option PermitRootLogin specifies whether root can log in using ssh.