Log of logins and file access on Fedora

  • satya-prakash
  • Graduate
  • Posts: 134
  • Loc: Bangalore

Post 3+ Months Ago

Hello Linux Guru

I am facing a very serious issue of being spied on.
I am sure of that. Idiots are doing that.
But I am not very good at Linux, so I cannot get the log of that.

Can you tell me how to find a trace of files accessed, who is logged in, who logged in when, etc.?
How do I check telnet? Can I disable telnet on my system, so no one can telnet to my system? Will this affect login from remote?

I have root password.

Thanks!
  • AnarchY SI
  • Web Master
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

check /var/log/secure and /var/log/secure.1 (secure being the newest, secure.1 older)

with telnet, you could close off all open ports, or at least all commonly opened ports. then if you opened one of the higher numbered ports so you could remote into your machine, you'd have to set it up to use that port but it's less likely that someone else would find the port and successfully remote in.
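A way to read the log named above, as an added example that is not part of the original thread: the function counts sshd password logins per result, user and source address. The sample lines and addresses are constructed, and the field positions assume the standard syslog line layout.

```shell
# Constructed sample lines in the /var/log/secure syslog layout (not from the thread).
sample_secure_log() {
    cat <<'EOF'
Mar  3 09:58:12 satya sshd[2210]: Failed password for root from 198.51.100.7 port 4021 ssh2
Mar  3 09:58:15 satya sshd[2210]: Failed password for root from 198.51.100.7 port 4021 ssh2
Mar  3 09:58:19 satya sshd[2212]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Mar  3 10:15:01 satya sshd[2301]: Accepted password for satya from 192.0.2.10 port 50211 ssh2
Mar  3 10:15:01 satya sshd[2301]: pam_unix(sshd:session): session opened for user satya by (uid=0)
Mar  3 23:40:44 satya sshd[2977]: Accepted password for root from 198.51.100.7 port 4040 ssh2
EOF
}

# Count sshd password logins per (result, user, source address).
# Reads the files given as arguments, or stdin when none are given.
# Output lines: COUNT RESULT USER SOURCE, highest count first.
summarize_secure() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $7 == "password" && ($6 == "Accepted" || $6 == "Failed") {
        # Search for "from" right to left, so "invalid user NAME" lines work too.
        for (i = NF - 1; i > 8; i--) if ($i == "from") break
        if (i <= 8) next
        count[tolower($6) " " $(i - 1) " " $(i + 1)]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_secure_log | summarize_secure
```

On the real system, run it as root against the files from the post: `summarize_secure /var/log/secure /var/log/secure.1`. An accepted login from an address that also shows failed attempts is the first thing to look at.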
  • mo_mughrabi
  • Student
  • Posts: 73

Post 3+ Months Ago

you have to check logfiles as Anarch mentioned, also

if you are certain that there are used ports, try to

netstat|more

and see if there are any unusual activities,

maybe you need to enable firewall "iptables" or check if it's even running,

chkconfig iptables --list

chkconfig iptables on


cheers,
  • AnarchY SI
  • Web Master
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

iptables should be running / on as it is by default. but it's always good to check..

you could also install / run wireshark to see what traffic is coming in / going out over your nic(s). this will also tell you what the destination IP is so you can have a better idea of what's going on, such as whether it's local or from the other side of the world lol
  • mo_mughrabi
  • Student
  • Posts: 73

Post 3+ Months Ago

AnarchY SI wrote:
iptables should be running / on as it is by default. but it's always good to check..

you could also install / run wireshark to see what traffic is coming in / going out over your nic(s). this will also tell you what the destination IP is so you can have a better idea of what's going on, such as whether it's local or from the other side of the world lol


Wireshark? Sounds like an awesome tool! I need to get that ASAP! But I just went on the site and they just have a Windows distribution available for download. Do you have any idea where I can get it for a Mac or Unix?

This is the link I was looking at http://www.wireshark.org/download.html

Cheers,
  • mo_mughrabi
  • Student
  • Posts: 73

Post 3+ Months Ago

satya-prakash wrote:
Hello Linux Guru

I am facing a very serious issue of being spied on.
I am sure of that. Idiots are doing that.
But I am not very good at Linux, so I cannot get the log of that.

Can you tell me how to find a trace of files accessed, who is logged in, who logged in when, etc.?
How do I check telnet? Can I disable telnet on my system, so no one can telnet to my system? Will this affect login from remote?

I have root password.

Thanks!


And yeah, by the way, try changing the root password! And look at the root history to see if it has been used by other hosts or has issued commands you have never seen before..

P.S Happened once with me :D

:)
  • AnarchY SI
  • Web Master
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

what distro of linux/unix do you have? in fedora, you'd just execute the command yum install wireshark
i think in ubuntu it's apt-get install wireshark
so it should be in a repository for your distro possibly..
wireshark for mac <- that phrase is what i searched on google
  • satya-prakash
  • Graduate
  • Posts: 134
  • Loc: Bangalore

Post 3+ Months Ago

Thank you! Sir.

I have to check all of that; it will take time as I am new to this kind of job.

These commands are not running.
Code:
chkconfig iptables --list

chkconfig iptables on


Output is: command not found.

I will install wireshark.

I am using Fedora Core 5.

Please keep on posting.

Thank you!
  • mo_mughrabi
  • Student
  • Posts: 73

Post 3+ Months Ago

It is strange to receive such output! Have you issued the commands as root? Refer to the following link regarding enabling iptables.

http://www.help2go.com/Tutorials/Linux% ... ewall.html
  • AnarchY SI
  • Web Master
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

mo_mughrabi wrote:
It is strange to receive such output! Have you issued the commands as root? Refer to the following link regarding enabling iptables.

http://www.help2go.com/Tutorials/Linux% ... ewall.html


i can already answer that for ya ;)



enter these commands exactly as you see them (aside from the root password):
Quote:
su -
your_root_password
chkconfig iptables --list
chkconfig iptables on

(notice the hyphen, - , after the letters su)
  • satya-prakash
  • Graduate
  • Posts: 134
  • Loc: Bangalore

Post 3+ Months Ago

Code:
[root@satya ~]# chkconfig iptables --list
iptables    0:off  1:off  2:on  3:on  4:on  5:on  6:off
[root@satya ~]# chkconfig iptables on
[root@satya ~]# chkconfig iptables --list
iptables    0:off  1:off  2:on  3:on  4:on  5:on  6:off

=====================================================

[root@satya ~]# netstat|more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address       State
tcp    0   0 satya.fresh2.com:50000   satya.fresh2.com:50720   ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:45869 gv-in-f99.google.com:http  ESTABLISHED
tcp    0   0 satya.fresh2.com:50720   satya.fresh2.com:50000   ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:49541 eh-in-f191.google.com:http ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:49540 eh-in-f191.google.com:http ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:49539 eh-in-f191.google.com:http ESTABLISHED
tcp    1   0 it112.dns1.flora2000.:49538 eh-in-f191.google.com:http CLOSE_WAIT
tcp    0   0 it112.dns1.flora2000.:54543 by2msg2104612.phx.gbl:msnp ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:52785 bx-in-f147.google.com:http ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:52784 bx-in-f147.google.com:http ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:52783 bx-in-f147.google.com:http ESTABLISHED
tcp    0   0 it112.dns1.flora2000.:52782 bx-in-f147.google.com:http ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags    Type    State     I-Node Path
unix 16   [ ]     DGRAM          4161  /dev/log
unix 2   [ ]     DGRAM          971  @/org/kernel/udev/udevd
unix 2   [ ]     DGRAM          5512  @/org/freedesktop/hal/udev_event
unix 3   [ ]     STREAM   CONNECTED   21294 /tmp/ksocket-satyaprakash/quantacrzLXb.slave-socket
unix 3   [ ]     STREAM   CONNECTED   21293
unix 2   [ ]     DGRAM          21255
unix 3   [ ]     STREAM   CONNECTED   21207
unix 3   [ ]     STREAM   CONNECTED   21206
unix 3   [ ]     STREAM   CONNECTED   21204 /tmp/orbit-satyaprakash/linc-db0-0-26f8a85e729a
unix 3   [ ]     STREAM   CONNECTED   21203
unix 3   [ ]     STREAM   CONNECTED   21202 /tmp/orbit-satyaprakash/linc-8c2-0-452f4a5762dd8
unix 3   [ ]     STREAM   CONNECTED   21201
unix 3   [ ]     STREAM   CONNECTED   21200 /tmp/orbit-satyaprakash/linc-db0-0-26f8a85e729a
unix 3   [ ]     STREAM   CONNECTED   21199
unix 3   [ ]     STREAM   CONNECTED   21196 /tmp/orbit-satyaprakash/linc-8bd-0-4f77bc3427ede
unix 3   [ ]     STREAM   CONNECTED   21195


Ok, now I can run:
chkconfig iptables --list
chkconfig iptables on.

I have pasted the output above. Here "satya.fresh2.com", I think it is me. But that other one, I don't know.
Is that a problem area?

Thank You!
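One way to sort a listing like the one pasted above, as an added example that is not part of the original thread: it separates connections the machine makes to itself (same address on both ends) from connections to other hosts, and counts them per peer, port and state. It assumes numeric `netstat -tn` style input, which also avoids the truncated host names and wrapped columns; the sample addresses are constructed.

```shell
# Constructed sample in the layout printed by `netstat -tn` (not from the thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.25:50000        192.0.2.25:50720        ESTABLISHED
tcp        0      0 192.0.2.25:50720        192.0.2.25:50000        ESTABLISHED
tcp        0      0 192.0.2.25:49541        203.0.113.191:80        ESTABLISHED
tcp        0      0 192.0.2.25:49540        203.0.113.191:80        ESTABLISHED
tcp        1      0 192.0.2.25:49538        203.0.113.191:80        CLOSE_WAIT
tcp        0      0 192.0.2.25:54543        198.51.100.46:1863      ESTABLISHED
EOF
}

# Group TCP connections by peer. Output lines: COUNT KIND PEER PORT STATE,
# where KIND is "self" when both ends carry the same address, else "remote".
# Reads the files given as arguments, or stdin when none are given.
classify_tcp() {
    awk '
    $1 ~ /^tcp/ && NF >= 6 {
        lhost = $4; sub(/:[^:]*$/, "", lhost)    # local address without port
        fhost = $5; sub(/:[^:]*$/, "", fhost)    # peer address without port
        fport = $5; sub(/^.*:/, "", fport)       # peer port only
        kind = (lhost == fhost) ? "self" : "remote"
        count[kind " " fhost " " fport " " $6]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k1,1nr -k3
}

# Demonstration on the constructed sample.
sample_netstat | classify_tcp
```

On the live system the input would come from `netstat -tn | classify_tcp`; the "remote" rows are the ones to match against programs known to be running.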

Post Information

  • Total Posts in this topic: 11 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.