Re: User logins not appearing in wtmp?
- From: Camaleón <noelamac@xxxxxxxxx>
- Date: Wed, 6 Jun 2012 16:14:05 +0000 (UTC)
On Wed, 06 Jun 2012 11:36:09 -0300, francis picabia wrote:

> Today I see from logwatch report 28 sshd logins from one user at an IP
> address in a different continent than usually seen here.
>
> When I look up this user with last command to see if this is part of a
> travel pattern or perhaps their account is compromised, I don't get any
> matches. I've used last and last -f /var/log/wtmp.1 with the user name
> and there are no matches.

OpenSSH logins fall under "/var/log/auth*" logs.

> Yet finger shows a login from Apr 24, which jives with their last
> .bash_history update
>
> One way this could happen is by use of sftp/scp. Is there a way to get
> last to record these sessions as well?

Mmm... any specific reason for wanting these logs available within
wtmp? :-?

Greetings,
--
Camaleón
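
Added example, not part of the original message: sshd writes an "Accepted ..." line to the auth log for every successful authentication, including sftp/scp sessions, so the auth logs named in the reply can be summarized per user and source address. The sample lines, user names and addresses are constructed, and the `/var/log/auth.log*` pattern assumes Debian's default syslog and logrotate file naming.

```python
import glob
import gzip
import re

# sshd success line in the classic syslog format used by /var/log/auth.log
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Accepted (?P<method>\S+) "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (made-up users, host and documentation-range IPs)
SAMPLE_AUTH_LOG = """\
Jun  5 03:12:44 host sshd[4121]: Accepted password for alice from 203.0.113.7 port 51122 ssh2
Jun  5 03:13:02 host sshd[4121]: pam_unix(sshd:session): session closed for user alice
Jun  5 09:40:10 host sshd[5010]: Accepted publickey for bob from 198.51.100.20 port 40222 ssh2
Jun  5 09:41:00 host sshd[5100]: Failed password for alice from 203.0.113.7 port 51190 ssh2
Jun  6 02:01:09 host sshd[6200]: Accepted password for alice from 203.0.113.7 port 51300 ssh2
"""

def accepted_logins(lines, user=None):
    """Summarize successful sshd authentications per (user, source IP)."""
    summary = {}
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or (user is not None and m["user"] != user):
            continue
        entry = summary.setdefault(
            (m["user"], m["ip"]),
            {"count": 0, "first": m["ts"], "last": m["ts"], "methods": set()},
        )
        entry["count"] += 1
        entry["last"] = m["ts"]  # lines are assumed to be in chronological order
        entry["methods"].add(m["method"])
    return summary

def read_auth_logs(pattern="/var/log/auth.log*"):
    """Yield lines from rotated and current auth logs, oldest file first."""
    def rotation(path):  # auth.log -> 0, auth.log.1 -> 1, auth.log.2.gz -> 2
        m = re.search(r"\.(\d+)(\.gz)?$", path)
        return int(m.group(1)) if m else 0
    for path in sorted(glob.glob(pattern), key=rotation, reverse=True):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh

if __name__ == "__main__":
    # On a real host: accepted_logins(read_auth_logs(), user="someuser")
    for (name, ip), e in accepted_logins(SAMPLE_AUTH_LOG.splitlines()).items():
        print(name, ip, e["count"], e["first"], e["last"], sorted(e["methods"]))
```

Reading the real auth logs normally requires root or membership in the `adm` group on Debian.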