Ping a Specific Port

Question

OJW

Asked: 2013-02-23 04:12:58 +0800 CST2013-02-23 04:12:58 +0800 CST 2013-02-23 04:12:58 +0800 CST

Monitoring auth.log

772

Say you want to be able to easily see who's logged in to a system recently.

auth.log has this information, but it's very cluttered with crontab entries and you have to use sudo to read it.

Proposed solution:

Write a script to parse /var/log/auth.log looking for interesting things
Make root the owner of that script
Create a user who can't login
Add that user to the "adm" group, thus giving them read-only access to logfiles
Put the script in that user's crontab

What are the security risks of that solution? Adding someone to adm group seems risky, but if all they can do is run a script that's been checked to not do anything bad.

1 Answers

Voted

Cedric · Answer 1 · 2013-02-23T04:50:17+08:00

Best Answer

Cedric

2013-02-23T04:50:17+08:002013-02-23T04:50:17+08:00

The solution should not pose a security risk by itself, unless output of the script is sent via mail or saved somewhere readable by other users.

The purpose of the adm-group is to allow users in that group to consult log files and /dev/console, used by eg. xconsole to display console messages.

0

Monitoring auth.log

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?