Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : VPS Tutorials : is there anyways to do this ?

[DevilCrab]

hey is there anyway to keep getting log of commands run on linux centos VPS too keep watch.. like we have commands to get login IP and details when SSHed. so similarly i wanna keep log of commands anyone run in SSH.

is there anyway ?

[SeriesN]

"last" gives couple of last commands that were ran via ssh. I am pretty sure there is a log somewhere depending on your distro.

[DevilCrab]

hmm can anyone help me finding that log file ? or any method i receive those log file using email ?

actually i wanna keep track of my VPS usage using SSH, so if anyone try too root or hack it i can track him. Also, how does servers of hostgator and big companies are safe all times from bots , trojans, phishings etc ? ?? ?

What do they do and how do they keep track...

[SeriesN]

Quote:

Originally Posted by DevilCrab

hmm can anyone help me finding that log file ? or any method i receive those log file using email ?

actually i wanna keep track of my VPS usage using SSH, so if anyone try too root or hack it i can track him. Also, how does servers of hostgator and big companies are safe all times from bots , trojans, phishings etc ? ?? ?

What do they do and how do they keep track...

For that my friend, you either need skill or money or Both!

[DevilCrab]

Quote:

Originally Posted by SeriesN

For that my friend, you either need skill or money or Both!

lol.. are you really kidding ?

i thought i just said i wanna learn how to do that ! and for that i know it may cost to learn .. :\

[Shine Servers]

Quote:

Originally Posted by DevilCrab

hey is there anyway to keep getting log of commands run on linux centos VPS too keep watch.. like we have commands to get login IP and details when SSHed. so similarly i wanna keep log of commands anyone run in SSH.

is there anyway ?

The Logwatch package will email you a daily summary of a number of server logs, including the SSHd log. I get a summary of who successfully logged in via SSH, how many times, and from where, as well as what IPs tried to log in unsuccessfully and what credentials they used. It gets long if someone tries a brute-force SSH attack on a host where I'm allowing password authentication (I try to avoid that, favoring RSA keys instead, but the customer is always right and doesn't always understand public-key authentication. Anyway.)

To install Logwatch (which is basically just a collection of Perl filters for digesting various log formats) on Ubuntu, use apt-get install logwatch and then edit /etc/cron.daily/00logwatch, replacing --output mail with --mailto you@yourdomain.com. You'll get one a day. You can add more flags to tune which logs Logwatch actually reads.

[whrss]

@DevilCrab, the log file /var/log/secure will give you the details of the user who logged in:

For eg:

Code:

May 28 11:10:30 vps sshd[23627]: Accepted password for root from x.x.x.x port 60213 ssh2
May 28 11:10:30 vps sshd[23627]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 28 11:17:20 vps sshd[23627]: pam_unix(sshd:session): session closed for user root
May 28 11:17:26 vps sshd[29987]: Accepted password for root from x.x.x.x port 58425 ssh2
May 28 11:17:26 vps sshd[29987]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 28 11:23:27 vps su: pam_unix(su:session): session opened for "ssh_user" user by root(uid=0)
May 28 11:25:06 vps su: pam_unix(su:session): session closed for "ssh_user" user

To know the commands the user ran, you can check the .bash_history file in their home directory.

For user root, it will be /root/.bash_history and for other users, it will be:

/their_home_dir/.bash_history