RE: [cobalt-users] Tracing Logins

["Jolley, Carl" <Carl.Jolley@xxxxxxx>]

-----Original Message-----
From: ISEE Multimedia 
Sent: Friday, August 16, 2002 6:57 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Tracing Logins


Hi All,

whenever i log into ssh, which only i have access for, sometimes it comes up
with last loging...... with a date and time when i know
i didnt log in.

is there a script that can email me whenever someone logs in through ssh so
i can try and see who it is?

Any ideas.
--------------------------

For a specified login user, you can run any program or script you like by
putting  the associated commands into the .bash_login file. Of couse that
will
mean every time YOU log in to as that user, it's going to e-mail you as
well.
If you get such an e-mail what are your going to do? It sounds to me like
its
time to change passwords. i.e. before whoever else is logging in decides to
do so.
Note if they have the root password to your box they can log in to your
account
without knowing the password or even if you change the password.

Note the use of a .bash_login file such as I have suggested can be
relatively
easily avoided if someone has the root password to your box by just changing
the
shell associated with the account  in the /etc/passwd file or by of course
altering
your .bash_logng file to remove the commands that do the e-mail. Even if
they don't
have the root password they can always log in to the account and alter the
.bash_login
so that the next time they log in the e-mail won't be sent. If you can
detect the log-in
close to when it happened or while they are still logged on, you should be
able to look
at your last log to see where they came from. Of course if they are real
wiley and they
have the root password they will alter the last log when they log in. Unless
you know
for sure that they don't have your root password, you should change it, too.
Since it
probably very difficult to know for sure that they don't have your root
password, you
should probably change it anyway.