--create-home Automatically create the login directory
-l Do not add the user to the lastlog file
-M Do not create the login directory automatically
-r Set up a system account
-o, --non-unique Allow the user to have the same UID as another user
-p, --password PASSWORD Use an encrypted password for the new user
-s, --shell SHELL Shell used at login
-u, --uid UID Specify a UID for the new user
-Z, --selinux-user SEUSER Use a specific SEUSER for the SELinux user mapping
/var/log/messages - Includes overall system information, which also contains logs during system startup. In addition, mail, cron, daemon, kern, auth and other content is also recorded in the /var/log/messages log.
/var/log/dmesg - Contains kernel buffer information (kernel ring buffer). When the system starts, a lot of hardware-related information is displayed on the screen. You can view it with dmesg.
/var/log/auth.log - Contains system authorization information, including user login and use of th
Display help message and exit.
-k, --skel SKEL_DIR The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by useradd. This option is only valid if the -m (or --create-home) option is specified. If this option is not set, the skeleton directory is defined by the SKEL variable in /etc/default/useradd or, by default, /etc/skel.
-K, --key KEY=VALUE Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and
is used, the program can also disable recording of the command's history.
inetd: a Trojan inetd program that provides remote access services to attackers.
rshd: provides remote shell services for attackers. An attacker could launch a remote root shell using the command rsh -l rootkitpassword host command.
sshd: a backdoor that provides SSH services to the attacker.
And then the tool programs. All programs that do not belong to the above types can be categorized as such, and they implement features su
1. Much important information is recorded in the log files, so log file permissions are usually set so that only root can read them.
1) /var/log/cron: Log of routinely scheduled jobs
2) /var/log/dmesg: Records the information generated by the kernel detection process when the system is powered on.
3) /var/log/lastlog: Records the last login information for every account on the system; the lastlog command is to
OCT 00:58 (02:10)
root PTS/3 :0.0 Sat Oct 18:59-00:41 (05:41)
root PTS/2 :0.0 Sat Oct 18:34-00:41 (06:
root PTS/1 :0.0 Sat Oct 13 18:33-00:41 (06:08)
root :0 sat Oct 18:32-00:41 (06:08)
root :0 sat Oct 13 18:32-18:32 (00:00)
reboot system boot 2.6.18-194.el5 Sat Oct 18:31 (06:09)
root PTS/1 :0.0 Thu Oct 20:12-03:17 (07:04)
root :0 thu Oct 20:12-03:17 (0
should be concerned about the file. To have the system generate this log file, add the following to /etc/syslog.conf: *.warning /var/log/syslog
The log file can record information such as a wrong password entered when a user logs in, sendmail problems, and su command execution failures.
/var/log/lastlog: This log file records the most recent successful logon event and the last unsuccessful logon event that was generated by login. Each time a user logs on, the file is a binary file and needs to be viewed using the
For nearly half a year I have done a lot of emergency response projects, targeted at hacker intrusions. But I'm tired of not having time to summarize some of the things that are commonly used, and hope to use this blog post to share some of the common routines that security engineers are dealing with in response to emergencies, because there are a lot of possible offal. Personally, the core of the intrusion response is no more than four words, the clues. We often need to find more critical information after
Setting the user's login directory
-D, --defaults Change the default settings
-e, --expiredate EXPIRE_DATE Set the user's validity period
-f, --inactive INACTIVE After the user expires, make the password invalid
-g, --gid GROUP Make the user belong to only one group
-G, --groups GROUPS Let the user join groups
-h, --help Help
-k, --skel SKEL_DIR Specify a different skel directory
-K, --key KEY=VALUE Override the /etc/login.defs configuration file
-m, --create-home Automatically create the login directory
-l Do not add the user to the
permissions mechanism.
/var/log/boot.log -Contains the log at system startup.
/var/log/daemon.log -Contains various system daemon log information.
/var/log/dpkg.log - Contains logs of packages installed or removed with the dpkg command.
/var/log/kern.log – Contains logs generated by the kernel to help resolve issues when customizing the kernel.
/var/log/lastlog -Records the most recent information for all users. This is not an ASCII file,
overall system information, which also contains logs during system startup. In addition, content such as mail, cron, daemon, kern and auth is also recorded in the /var/log/messages log.
/var/log/dmesg - Contains kernel buffer information (kernel ring buffer). When the system starts, a lot of hardware-related information is displayed on the screen. You can view it with dmesg.
/var/log/auth.log - Contains system authorization information, including user login and permission mechanisms to use.
/var/log
by the program, are part of the default setting that can help UNIX administrators find problems in the system and are useful for system maintenance. There are other log records that require an administrator to set up to take effect. Most of the log files are saved in the /var/log directory, which includes some application log files in addition to the system-generated logs. Of course, other subdirectories in the /var directory also record other kinds of logging files, depending on the settings of the s
1. Confirm that the rsyslogd service is started
ps aux | grep rsyslogd    See if the service is started
chkconfig --list | grep rsyslog    See if the service starts at boot
2. The role of common logs
log file
description
/var/log/cron
System timer task related log
/var/log/cups
Print information log
/var/log/dmesg
System boot-time kernel self-test information, can also
powered on. You can also use the dmesg command to view kernel self-test information directly.
/var/log/btmp
Records failed login attempts. This file is a binary file and cannot be viewed directly with vi; use the lastb command to view it.
/var/log/lastlog
Records the last logon time for all users in the system. This file is also a binary file and cannot be viewed directly with vi; instead, use the
(1) Query the users currently logged in: w or who
[@bjzw_11_210 ~]# w
-:Geneva: -Up342Days -: on,2Users, load average:0.03,0.04,0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.149.239.20 Thu13 0.00s 0.19s 0.00s w
Guest pts/2 10.139.239.20 Thu15 A: 43m 0.02s 0.02s -bash
The first line shows the current time, how long the system has been up, how many users are logged in, the system load average, etc. The second line is the description of each ite
messages
/var/log/messages
Scheduled Tasks
/var/log/cron
System boot
/var/log/dmesg
Mail system
/var/log/maillog
User Login
/var/log/lastlog ; /var/log/secure ; /var/log/wtmp ; /var/run/btmp
2. Kernel and system logs
Managed centrally by the system service rsyslogd
Package: rsyslog-5.8.10-8.el6.x86_64
Main program: /sbin/rsyslogd
Configuration file: /etc/rsyslog.conf lev
To find evidence of Linux system intrusion, you can start from the following aspects:
1. The last and lastlog commands can be used to view the recently logged-on accounts and times.
2. For the /var/log/secure and /var/log/messages log information, you can use the accept keyword to check whether the system has been successfully logged on to from a suspicious IP address.
3. The user's task plan, file /var/spool/cron/tabs/user; some hackers will set the backdoor program, virus as a