1.0 KiB
See list of logged on users.
w
See last logons:
last
or all logon attempts, including bad attempts:
lastb
List recently accessed files:
last -d
See files opened by steve
lsof -t -u steve
See files opened by anyone but steve
lsof -u ^steve
Fuser can also track people loggingin:
fuser /var/log/syslog
... and fuser can kill everything accessing the home directory:
fuser -km /home
Looking for dodgy files
Some files can be executed by people as if they had super user permissions, and that's okay... sometimes.
Let's start with files executable by user:
sudo find / -type f -perm -g=s -ls
And then those executable by the group:
find / -type f -perm -g=s -ls
And finally, worrying files, executable by anyone as if sie were the owner:
find / -xdev
-o -nogroup-print
Then have a look at resource usage per user.
#SGID
sudo chmod u+s process.sh
This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.