Linux Virtual terminal

Source: Internet
Author: User

The virtual terminal in Linux is called "virtual" because it is physically still a software console on this machine rather than a separate physical terminal; in the implementation, however, virtual terminals are handled uniformly, in the same way that Linux treats devices and ordinary files alike.

Linux is a multi-terminal operating system; the same user ID can even be logged in on several terminals at once.

By default there are 6 console virtual terminals and 1 GUI terminal. In older Red Hat Linux you could switch to the console virtual terminals with ALT+F1 through F6 and to the GUI terminal with ALT+F7. In Fedora Core 6 and Fedora 7 you now need CTRL+ALT+Fn. On a console terminal you can also use ALT plus the left or right arrow key to select an adjacent terminal (this key combination does not work in the GUI).

Looking at /etc/inittab again

Linux is a very customizable system; many things can be configured by yourself. In the previous article we looked at the inittab file; now we look at it again, because it also controls the number of virtual terminals on Linux.

See here:

1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

Lines 1 to 6 mean you have 6 console terminals, and you can simply modify this section of the file to add or remove console virtual terminals. For example, comment out the sixth line (put a "#" in front of it) or delete it to remove tty6, and add the following line to get a seventh terminal:

7:2345:respawn:/sbin/mingetty tty7

As you can see, only the first and the last number change.
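As an added example (not code from the original article): a small parser for inittab lines of the kind shown above. It lists which console virtual terminals are configured, checks that each entry's id agrees with the tty it spawns (the two numbers the article says to change together), and builds the line for a new terminal. The sample inittab text is constructed.

```python
# Added example (not from the original article): parse the getty entries of
# /etc/inittab and check that each entry's id matches the tty it spawns.
import re

# Constructed sample: tty6 commented out, and a deliberately mismatched id 7 -> tty9.
SAMPLE_INITTAB = """\
id:3:initdefault:
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#6:2345:respawn:/sbin/mingetty tty6
7:2345:respawn:/sbin/mingetty tty9
"""

GETTY_RE = re.compile(r"/mingetty\s+tty(\d+)$")


def parse_inittab(text):
    """Return (id, runlevels, action, process) tuples; comments and blanks skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4:
            raise ValueError(f"malformed inittab line: {line!r}")
        entries.append(tuple(parts))
    return entries


def virtual_terminals(text):
    """Sorted tty numbers that respawned mingetty entries provide."""
    ttys = []
    for _, _, action, process in parse_inittab(text):
        m = GETTY_RE.search(process)
        if m and action == "respawn":
            ttys.append(int(m.group(1)))
    return sorted(ttys)


def mismatched_ids(text):
    """Entries whose id differs from the tty number they spawn."""
    bad = []
    for ident, _, _, process in parse_inittab(text):
        m = GETTY_RE.search(process)
        if m and ident != m.group(1):
            bad.append((ident, int(m.group(1))))
    return bad


def getty_line(n, runlevels="2345"):
    """Build the inittab line that adds console virtual terminal ttyN."""
    return f"{n}:{runlevels}:respawn:/sbin/mingetty tty{n}"
```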


UNIX network administrators rely mainly on the system logs to find traces of an intrusion. Of course, there are also third-party tools that record intrusion traces. UNIX systems store their log files in the following usual locations:

/usr/adm - earlier versions of UNIX
/var/adm - newer versions use this location
/var/log - some versions of Solaris, Linux BSD and FreeBSD use this location
/etc - most UNIX versions put utmp here, and some put wtmp and syslog.conf here

Which of the following files exist depends on the directory in use:
acct or pacct - records the commands run by each user
access_log - when the server runs NCSA httpd, records which sites connected to your server
aculog - keeps a record of the modems you dial out with
lastlog - records each user's most recent login and where each user logged in from, sometimes the last successful login. When a user logs in to a UNIX system, the login program looks up the user's UID in the lastlog file; if it finds that UID, UNIX displays the last login time and TTY (terminal number).
loginlog - records abnormal login attempts
messages - records output to the system console; additional information is generated by syslog
security - records attempts to go beyond the limits of the UUCP system
sulog - records uses of the su command, usually /var/adm/sulog. If you use su on the machine, don't forget to clear it.
utmp - records all users currently logged in to the system; it changes constantly as users enter and leave the system. It also maintains a long history of the system's users, and is usually stored as /var/adm/utmp. It can be viewed with the w and who commands, and other commands such as finger root also read this file. Nowadays utmp is generally supplemented by a utmpx file.
utmpx - extension of utmp
wtmp - logs user login and logout events. It is similar to utmp, but it grows larger with every login; on some systems FTP access is also recorded in this file, and it also records normal system shutdown times. It can be read with the ac and last commands.
syslog - the most important log file; the syslogd daemon collects the log information. By looking at /etc/syslog.conf we can tell what syslog records. By default it passes most messages to /var/adm/messages.
/dev/log - a UNIX domain socket that accepts messages generated by processes running on the local machine
/dev/klog - a device that accepts messages from the UNIX kernel
port 514 - an Internet socket that accepts syslog messages generated by other machines over UDP
uucp - records UUCP information; it can be updated by local UUCP activity or by actions initiated from remote sites. The information includes calls sent and received, requests sent, the sender, the delivery time and the sending host.
lpd-errs - log for printer failure information
FTP log - run ftpd with the -l option to enable logging
httpd log - the httpd server writes every web access to this log
history log - keeps a record of the commands the user entered most recently
vold.log - logs errors encountered when using external media

======================
Other types of log files
======================
Some types of log files have no specific name but start with a specific flag that you can find in the file header. This is usually a log file and you can edit it:
xfer - indicates an attempt at a disallowed file transfer
rexe - indicates an attempt to execute a disallowed command
Many other types of log files exist, mostly created by third-party software, or even by a paranoid administrator who has set up an "eye" on his system, so you need to be more than a bit careful about any file you think might be a log file.
Many administrators like to put their log files in the same directory for easy management, so check the directory where you found a log file for other log files; if there are any, you know what to do.
Another point to pay attention to is the log of user mail, which can have various filenames or can sometimes be part of the syslog file. You need to know what syslog records; you can check this in the syslog.conf file, which is in /etc.
Generally we look at the syslog.conf file to see the log configuration, for example: cat /etc/syslog.conf

On SunOS the logs are under /var/log and /var/adm, and /usr/adm is a link to /var/adm.

On Red Hat they are under /var/log and /var/run.

The following is a sample of the logs on SunOS 5.7. In addition, the various shells record the history of the commands used by the user in files in the user's home directory, usually named .sh_history (ksh), .history (csh), or .bash_history (bash).

# ls /var/adm
acct      log         messages.1  passwd     sulog   vold.log
aculog    messages    messages.2  sa         utmp    wtmp
lastlog   messages.0  messages.3  spellhist  utmpx   wtmpx
# ls /var/log
authlog          syslog    syslog.1  syslog.3
sysidconfig.log  syslog.0  syslog.2  syslog.4

The following is a sample of the logs on Red Hat 9.0.
# ls /var/log
boot.log    dmesg           messages.2     secure       uucp
boot.log.1  htmlaccess.log  messages.3     secure.1     wtmp
boot.log.2  httpd           messages.4     secure.2     wtmp.1
boot.log.3  lastlog         netconf.log    secure.3     xferlog
boot.log.4  mailllog        netconf.log.1  secure.4     xferlog.1
cron        maillog         netconf.log.2  sendmail.st  xferlog.2
cron.1      maillog.1       netconf.log.3  spooler      xferlog.3
cron.2      maillog.2       netconf.log.4  spooler.1    xferlog.4
cron.3      maillog.3       news           spooler.2
cron.4      maillog.4       normal.log     spooler.3
daily.log   messages        realtime.log   spooler.4
daily.sh    messages.1      samba          transfer.log

# ls /var/run
atd.pid       gpm.pid     klogd.pid   random-seed   treemenu.cache
crond.pid     identd.pid  netreport   runlevel.dir  utmp
ftp.pids-all  inetd.pid   news        syslogd.pid

Generally, the logs we have to clear are:

lastlog
utmp (utmpx)
wtmp (wtmpx)
messages
syslog
sulog
Generally, wiping the logs listed above is enough. :)
Below I explain the information above and how to clear the logs. For more detail and for other logs, consult the relevant references.
The above gives a brief account of what the logs do; so what exactly do these log files record? Follow me through an example:
SunOS 5.7
login: gao
Password:
No directory! Logging in with home=/
Last login: Sun Feb 4 22:18:25 from 219.31.36.7
Sun Microsystems Inc. SunOS 5.7 Generic October 1998
$
The login program then updates the lastlog file with the new login time and TTY information, and also updates the utmp and wtmp files.
Shell records:

.sh_history (ksh), .history (csh), or .bash_history (bash) are the history of shell execution: they record the commands the user ran. They usually sit in the user's home directory. Don't forget to take a look in the root directory too.

1. Logs are files in some form of text. The stupidest way is to edit the log file with a text editor, deleting the related records, to wipe your footprints and hide their effects.
For example, with vi.
But it is a stupid way to do it: too much trouble, too much work.

2. Use rm -f to delete the log, like rm -f /usr/adm/lastlog.
It is foolish to do so.
It makes it easier for administrators to notice that someone has broken in. Relatively speaking, though, you are still somewhat covered. :)
It can be used on some less important machines.
3. Clear the file with the > redirect.
For example:
cat > /usr/log/lastlog

-> enter what you want to write here. It is better to disguise it as something plausible, or enter nothing at all. :)
^d -> here ^d is the key Ctrl+D.
#

4. It is of course best to use a log cleanup tool.
Enter a few commands and let the program wipe for you. :)
A. Common log cleanup tools.
A better log cleaner is described below. :)

http://packetstormsecurity.nl/UNIX/penetration/log-wipers/wipe-1.00.tgz
It can completely erase:
lastlog
utmp
utmpx
wtmp
wtmpx

Now let's take a look (demonstration platform: SunOS 5.7).
# gzip -d wipe-1.00.tgz
# tar -xf wipe-1.00.tar
# cd wipe-1.00
# ls -al
total 32
drwxr-xr-x   2 root     root         512 Feb  4 20:48 .
drwxrwxrwx   6 root     other       1024 Feb  4 18:40 ..
-rw-r--r--   1 root     root         130 Jan  9  1997 INSTALL
-rw-r--r--   1 root     staff       1389 Jan  9  1997 Makefile
-rw-r--r--   1 root     root         498 Jan  9  1997 README
-rw-r--r--   1 root     staff      10027 Jan  9  1997 wipe.c
# make
Wipe v0.01!
Usage: 'make ' where system type is:
Linux FreeBSD Sunos4 Solaris2 Ultrix
AIX irix Digital BSDI NetBSD Hpux

#
We can see that it needs to be told the system type. The options are:
Linux FreeBSD Sunos4 Solaris2 Ultrix
AIX irix Digital BSDI NetBSD Hpux
To clear the logs of a given system it has to be compiled on the same kind of system.
For example, to compile under Linux such as Red Hat, use: make Linux
Under FreeBSD: make FreeBSD
Under SunOS 4: make Sunos4
Under SunOS 5 or later: make Solaris2
# make Solaris2
gcc -O3 -DHAVE_LASTLOG_H -DHAVE_UTMPX -o wipe wipe.c
# ls -al
total 94
drwxr-xr-x   2 root     root         512 Feb  4 21:03 .
drwxrwxrwx   6 root     other       1024 Feb  4 18:40 ..
-rw-r--r--   1 root     root         130 Jan  9  1997 INSTALL
-rw-r--r--   1 root     staff       1389 Jan  9  1997 Makefile
-rw-r--r--   1 root     root         498 Jan  9  1997 README
-rwxr-xr-x   1 root     other      30920 Feb  4 21:03 wipe
-rw-r--r--   1 root     staff      10027 Jan  9  1997 wipe.c
# ./wipe
Usage: wipe [uwla] ... options ...
UTMP editing:    erase all usernames:         wipe u [username]
                 erase one username on tty:   wipe u [username] [tty]
WTMP editing:    erase last entry for user:   wipe w [username]
                 erase last entry on tty:     wipe w [username] [tty]
LASTLOG editing: blank lastlog for user:      wipe l [username]
                 alter lastlog entry:         wipe l [username] [tty] [time] [host]
                 where [time] is in the format [YYMMDDHHMM]
ACCT editing:    erase acct entries on tty:   wipe a [username] [tty]
You can see how the compiled wipe is used:
the u option erases the utmp and utmpx logs;
the w option erases the wtmp and wtmpx logs;
the l option erases the lastlog log;
the a option erases the /var/adm/pacct log (this is not normally used). :)
[tty] is the terminal number, used to clear the log entry of one session when the same account is logged in several times at once. Of course, it is your own terminal number. :)
You can use the w command to check the terminal number.
For example:
# w
 9:15 PM  1 user,  load average: 0.00, 0.00, 0.01
User     tty      login@    idle   JCPU   PCPU  what
root     pts/1    7:40 PM   3             w
The following is my specific usage on SunOS 5.7.
# w
 9:15 PM  1 user,  load average: 0.00, 0.00, 0.01
User     tty      login@    idle   JCPU   PCPU  what
root     pts/1    7:40 PM   3             w
 
 
# ./wipe u root
Patching /var/adm/utmp .... Done.
Patching /var/adm/utmpx .... Done.
# w
 9:15 PM  1 user,  load average: 0.00, 0.00, 0.01
User     tty      login@    idle   JCPU   PCPU  what
# ./wipe w gao
Patching /var/adm/wtmp .... Done.
Patching /var/adm/wtmpx .... Done.
# ./wipe l root
Patching /var/adm/lastlog .... Done.
That's it.
lastlog, utmp, utmpx, wtmp and wtmpx are wiped.
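A defender's counterpart to the utmp/wtmp descriptions earlier on this page and to the in-place patching the demonstration above shows, added here as an example and not part of the original article: it parses a wtmp file and flags records that look tampered with (a record blanked to zeros, or a timestamp that goes backwards in an append-only file). It assumes the glibc 384-byte, little-endian struct utmp layout of Linux in the Red Hat 9 era; Solaris utmpx uses a different layout, and the sample records are constructed.

```python
# Added example (not from the original article): parse a Linux wtmp file and
# flag records that look tampered with. Assumes the glibc 384-byte, little-endian
# struct utmp layout (Linux of the Red Hat 9 era); Solaris utmpx differs.
import struct

UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"  # type,pid,line,id,user,host,exit(2),session,sec,usec,addr(4)
UTMP_SIZE = struct.calcsize(UTMP_FMT)      # == 384
USER_PROCESS, DEAD_PROCESS = 7, 8


def pack_record(ut_type, pid, line, user, host, ts):
    """Build one constructed record (sample data for this example only)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), line[-4:].encode(),
                       user.encode(), host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)


def parse_wtmp(data):
    """Return one dict per 384-byte record; a partial record is itself suspicious."""
    if len(data) % UTMP_SIZE:
        raise ValueError("wtmp size is not a multiple of the record size")
    records = []
    for off in range(0, len(data), UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        records.append({"index": off // UTMP_SIZE, "type": f[0], "pid": f[1],
                        "line": f[2].rstrip(b"\0").decode(errors="replace"),
                        "user": f[4].rstrip(b"\0").decode(errors="replace"),
                        "host": f[5].rstrip(b"\0").decode(errors="replace"),
                        "time": f[9], "raw": data[off:off + UTMP_SIZE]})
    return records


def find_anomalies(data):
    """(index, reason) pairs worth a closer look: a zero-filled record, which a
    wiper that blanks entries in place leaves behind, or a timestamp that goes
    backwards in a file that is normally only appended to."""
    findings, last_ts = [], 0
    for r in parse_wtmp(data):
        if r["raw"] == b"\0" * UTMP_SIZE:
            findings.append((r["index"], "zero-filled record"))
            continue
        if r["time"] < last_ts:
            findings.append((r["index"], "timestamp earlier than previous record"))
        last_ts = max(last_ts, r["time"])
    return findings


# Constructed sample file: a login and logout for gao, a blanked record, and a
# root login whose time precedes the records before it.
SAMPLE_WTMP = b"".join([
    pack_record(USER_PROCESS, 1201, "pts/1", "gao", "219.31.36.7", 981000000),
    pack_record(DEAD_PROCESS, 1201, "pts/1", "", "", 981003600),
    b"\0" * UTMP_SIZE,
    pack_record(USER_PROCESS, 1350, "pts/2", "root", "", 980990000),
])
```

On a live system, read /var/log/wtmp in binary mode and pass its bytes to find_anomalies; compare the findings against the output of last, which silently skips blanked records.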
 
Of course, don't forget the shell records.
# ls -al /.*history
-rw-------   1 root     other        456 Feb  4 20:27 .sh_history
# rm -f .*history
# cd
# pwd
/home/gao

# ls -al .*history
-rw-------   1 root     other        456 Feb  4 20:27 .sh_history
# rm -f .*history

OK, it's done.

