forked from andonome/lk
initial commit
56
fundamentals/users.md
Normal file
@@ -0,0 +1,56 @@
|
||||
See list of logged on users.
|
||||
|
||||
> w
|
||||
|
||||
See last logons:
|
||||
|
||||
> last
|
||||
|
||||
or all logon attempts, including bad attempts:
|
||||
|
||||
> lastb
|
||||
|
||||
List recently accessed files:
|
||||
|
||||
> last -d
|
||||
|
||||
See files opened by steve
|
||||
|
||||
> lsof -t -u steve
|
||||
|
||||
See files opened by anyone but steve
|
||||
|
||||
> lsof -u ^steve
|
||||
|
||||
Fuser can also track people loggingin:
|
||||
|
||||
> fuser /var/log/syslog
|
||||
|
||||
... and fuser can kill everything accessing the home directory:
|
||||
|
||||
> fuser -km /home
|
||||
|
||||
# Looking for dodgy files
|
||||
|
||||
Some files can be executed by people as if they had super user permissions, and that's okay... sometimes.
|
||||
|
||||
Let's start with files executable by user:
|
||||
|
||||
> sudo find / -type f -perm -g=s -ls
|
||||
|
||||
And then those executable by the group:
|
||||
|
||||
> find / -type f -perm -g=s -ls
|
||||
|
||||
And finally, worrying files, executable by anyone as if sie were the owner:
|
||||
|
||||
> find / -xdev \( -o -nogroup \) -print
|
||||
|
||||
Then have a look at resource usage per user.
|
||||
|
||||
#SGID
|
||||
|
||||
> sudo chmod u+s process.sh
|
||||
|
||||
This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.
|
||||
|
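Review bot: In the "Looking for dodgy files" section, the command under "Let's start with files executable by user" is `sudo find / -type f -perm -g=s -ls`, which uses the same `-perm -g=s` test as the group command that follows it, so the set-user-ID search is missing; it should use `-perm -u=s`. The third command, `find / -xdev \( -o -nogroup \) -print`, has `-o` with no left operand and will not parse. It looks like `-nouser` was dropped, and with that restored the command lists files with no valid owner or group, which is not what the sentence above it describes. Under `#SGID` (which also needs a space after `#` to render as a heading), `chmod u+s` sets the set-user-ID bit, so either the heading should read SUID or the command should be `chmod g+s`. Smaller points: `last -d` is introduced as listing recently accessed files, but that flag only changes how remote hosts are shown in the login records; "loggingin" is a typo; and `fuser -km /home` deserves a warning line, since it kills every process using that mount.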