lastlog

,–create-home Automatically create login directories-L, do not add the user to the Lastlog file-M, do not create the login directory automatically-R, set up the system account-o,–non-unique allows the user to have the same UID-p,–password password using encrypted passwords for new users-s,–shell Shell Login Time Shell-u,–uid UID Specifies a UID for the new user-z,–selinux-user Seuser use a specific seuser for the SELinux user mapping[Email protected]

/var/log/messages -Includes overall system information, which also contains logs during system startup. In addition,mail,cron,daemon,Kern and Auth and other content are also recorded in the var/log/messages log. /VAR/LOG/DMESG -Contains kernel buffering information ( Kernel ring Buffer ). When the system starts, many hardware-related information is displayed on the screen. You can view them with DMESG. /var/log/auth.log -Contains system licensing information, including user login and use of th

Display help message and exit.-K,--Skel skel_dir The skeleton directory,whichContains files and directories to be copiedinchThe user's home directory, when the home directory was created by Useradd.This option was only validifThe-m (or--create-Home) option is specified. If This option isn't set, the skeleton directory is defined by the SKEL variableinch/etc/default/useradd or, by default,/etc/Skel.-K,--key key=VALUE Overrides/etc/Login. Defs defaults (uid_min, Uid_max, UMASK, Pass_max_days and

log:Logrotate: Dump, compress, delete, backupLogin log:/var/log/lastlog lastlog Command View/var/log/wtmp who command view, current online user information/var/run/utmp w Command ViewBookkeeping function, recording user-used command installation PSACCTLog storage location:/var/accout/pacctStarting method;Service Psacct Start/etc/rc.d/init.d/psacct startAccton/var/account/pacctStop method:Accton without any

is used, the program can also disable recording of the command's history.inetd Trojan inetd program that provides remote access services to attackers.RSHD provides remote shell services for attackers. An attacker could launch a remote root shell using rsh-l Rootkitpassword Host command commands.SSHD provides the backdoor for an attacker to provide SSH services.And then the tool program. All programs that do not belong to the above types can be categorized as such, and they implement features su

1. Many important information is recorded in the login file, so the permissions to log in to the file are usually read only by root.1)/var/log/cron: Log of routine work schedule2)/VAR/LOG/DMESG: Record the information generated by the core detection process when the system is powered on.3) Var/log/lastlog: Can record all the accounts above the system last login system information, Lastlog instruction is to

) Directory Compression example: TAR-CJF temp.tar.bz2 temp37) Extract files:bunzip2 Directory Decompression Example: TAR-XJF temp.tar.bz2++++++++++++++++++++++++++++++ compression decompression command +++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++ Network command +++++++++++++++++++++++++++++++38) send messages to the user to Ctrl+d end:write Syntax: write [user]39] Send broadcast message: wall (send information to all current online users) Syntax: wall [information]40

OCT 00:58 (02:10) root PTS/3 :0.0 Sat Oct 18:59-00:41 (05:41) root nbsp ; PTS/2 :0.0 Sat Oct 18:34-00:41 (06: root PTS/1 :0.0 Sat Oct 1318:33-00:41 (06:08) root : 0 NB Sp sat Oct 18:32-00:41 (06:08) root : 0 sat Oct 13 18:32-18:32 (00:00) reboot system boot 2.6.18-194.el5 Sat Oct 18:31 NB Sp (06:09) root PTS/1 :0.0 NB Sp Thu Oct 20:12-03:17 (07:04) root : 0 thu Oct 20:12-03:17 (0

should be concerned about the file. To have the log file generated by the system, add: *.warning/var/log/syslog The log file can record information such as error password, sendmail problem, su command execution failure when the user logged in/etc/syslog.conf./var/log/lastlogThis log file records the most recent successful logon event and the last unsuccessful logon event that was generated by login. Each time a user logs on, the file is a binary file and needs to be viewed using the

Nearly half a year to do a lot of emergency response projects, targeted at hackers invasion. But I'm tired of not having time to summarize some of the things that are commonly used, and hope to use this blog post to share some of the common routines that security engineers are dealing with in response to emergencies, because there are a lot of possible offal.Personally, the core of the intrusion response is no more than four words, the clues. We often need to find more critical information after

Setting the user's login directory-d,–defaults changing settings-e,–expiredate Expire_date Set the user's validity period-f,–inactive inactive user expires, make password invalid-g,–gid Group enables users to belong to only one group-g,–groups groups enable users to join a group-h,–help Help-k,–skel Skel_dir Specify a different Skel directory-k,–key key=value Overwrite/etc/login.defs configuration file-m,–create-home Automatically create login directories-L, do not add the user to the

permissions mechanism. /var/log/boot.log -Contains the log at system startup. /var/log/daemon.log -Contains various system daemon log information. /var/log/dpkg.log – includes installation or DPKG command to clear the log of the package. /var/log/kern.log – Contains logs generated by the kernel to help resolve issues when customizing the kernel. /var/log/lastlog -Records the most recent information for all users. This is not an ASCII file,

overall system information, which also contains logs during system startup. In addition, content such as Mail,cron,daemon,kern and Auth is also recorded in the Var/log/messages log. /VAR/LOG/DMESG-Contains kernel buffering information (kernel ring buffer). When the system starts, a lot of hardware-related information is displayed on the screen. You can view them with DMESG./var/log/auth.log-Contains system authorization information, including user login and permission mechanisms to use./var/log

by the program, are part of the default setting that can help UNIX administrators find problems in the system and are useful for system maintenance. There are other log records that require an administrator to set up to take effect. Most of the log files are saved in the/var/log directory, which includes some application log files in addition to the system build log. Of course, other subdirectories in the/var directory also record other kinds of logging files, depending on the settings of the s

Tags: local syslog dmesg produce PNG boot color printing technology1 OK start rsyslogd service　　PS aux | grep rsyslogd See if the service is started　　chkconfig--list | grep rsyslog See if the service is self-booting2 The role of common logs log file description /var/log/cron System timer task related log /var/log/cups print Infolog /var/log/dmesg System boot-time kernel self-test information, can also

powered on. You can also use the DMESG command to view kernel self-test information directly. /var/log/btmp Logs logging of incorrect logins. This file is a binary file and cannot be viewed directly from VI, but to be viewed using the LASTB command. /var/log/lastlog Logs that record the last logon time for all users in the system. This file is also a binary file, not directly VI, but to use the

Tags: ssd mes login linu gem sys NTP Apach user(1) Query user information currently logged in W or who[@bjzw_11_210 ~]#W -:Geneva: -Up342Days -: on,2Users, load average:0.03,0.04,0.00USER TTY from [email protected] IDLE jcpu PCPU whatroot pts/0 10.149.239.20Thu130.00s0.19s0.00sWGuest pts/2 10.139.239.20Thu15 A: 43m0.02s0.02s-bashThe first line shows the current time, how long the boot (up), the average load of several users on the system, etc.The second line is the description of each ite

） uucp,news.crit /var/log/spooler(表示uucp和news同级别crit记录在spooler文件中) local2.* /var/log/sshd.log (自定义，如把/etc/ssh/sshd_conf中的SyslogFacility local2在/etc/rsyslog.conf定义local2.* /var/log/sshd.log，这样ssh登陆的log记录在sshd.log中)rsyslog.conf syntaxRULES: facility.priority target target： 文件路径：记录于指定的日志文件中，通常应该在/var/log目录下； 用户：将日志通知给指定用户: *指所有用户 日志服务器：@host host：必须要监听在tcp或udp协议514端口上提供服务 管道：|COMMANDLog format 事件产生的日期时间 主机 进程(pid) 事件内容 某些日志记录是进进制格式：（last,l

messages /var/log/messages Scheduled Tasks /var/log/cron System boot /var/log/dmesg Mail system /var/log/maillog User Login /var/log/lastlog ; /var/log/secure ; /var/log/wtmp ; /var/run/btmp 2. kernel and system logsService by System RSYSLOGD Unified ManagementPackage: rsyslog-5.8.10-8.el6.x86_64Main program:/SBIN/RSYSLOGDConfiguration file:/etc/rsyslog.conf lev

To find evidence of linux system intrusion, you can start from the following aspects:1. last and lastlog commands can be used to view the recently logged-on account and time2. for/var/log/secure,/var/log/messages log information, you can use the accept keyword to check whether the system has successfully logged on with a suspicious IP address.3. the user's task plan, file/var/spool/cron/tabs/user, some hackers will set the backdoor program, virus as a