Unix Blog !

April 30, 2003

Locking out non-root users

Filed under: Uncategorized — sriram003 @ 2:30 pm
To disable all user logins (except for root) without taking the system
down into maintenance mode, create the file /etc/nologin.
The contents of this file are displayed when a user tries to log
in. This is useful when servicing the system in a way that might affect
users.
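
An added example (not part of the original post): the /etc/nologin step wrapped in shell functions that remove the file again when the maintenance command finishes or the script is interrupted, and that refuse to touch a lock someone else already put in place. The function names, the NOLOGIN_FILE override and the upgrade.sh script in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: maintenance lock built on /etc/nologin.
# NOLOGIN_FILE can be overridden to try the functions on a scratch path
# without root (an assumption of this example, not a system setting).
NOLOGIN_FILE="${NOLOGIN_FILE:-/etc/nologin}"

# lock_logins MESSAGE: create the nologin file containing MESSAGE.
lock_logins() {
    if [ -e "$NOLOGIN_FILE" ]; then
        # Someone else's lock: do not overwrite it or remove it later.
        echo "refusing: $NOLOGIN_FILE already exists" >&2
        return 1
    fi
    # Write a temp file and rename it, so a user logging in at that moment
    # never sees a half-written message.
    tmp="$NOLOGIN_FILE.$$"
    printf '%s\n' "$1" > "$tmp" || return 1
    mv "$tmp" "$NOLOGIN_FILE"
}

# unlock_logins: remove the nologin file so normal logins resume.
unlock_logins() {
    rm -f "$NOLOGIN_FILE"
}

# with_logins_locked MESSAGE COMMAND [ARGS...]
# Runs COMMAND with logins disabled and returns COMMAND's exit status.
with_logins_locked() {
    msg=$1
    shift
    lock_logins "$msg" || return 1
    # Clean up even if the script exits early or receives a signal.
    trap unlock_logins EXIT
    trap 'exit 130' INT TERM HUP
    status=0
    "$@" || status=$?
    unlock_logins
    trap - EXIT INT TERM HUP
    return "$status"
}

# Usage (as root; upgrade.sh is a hypothetical maintenance script):
#   with_logins_locked "Maintenance until 15:00" ./upgrade.sh
```

Sessions that are already open are not affected by the file, so check who is still logged in before starting work that could disturb them.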

April 9, 2003

How to monitor suspicious activity?

Filed under: Uncategorized — sriram003 @ 2:25 pm
You can get the iplogger package, which will log every TCP connection made
to your machine. The lsof package is also useful for finding out if a
service is running on a port on your own machine. I believe lsof is
kernel version dependent, so you may have to experiment some.

example:
[bash]$ lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
sshd 32211 root 6u inet 0x0149ac0c 0t0 TCP *:ssh (LISTEN)

Also, if you are paranoid, I would suggest getting the tripwire package.
This will monitor your system for changed system files.
