Re: [LINUX:1577] Telnet Session

Duzgun GUL (duzgun@Karmi.Emu.Edu.TR)
Wed, 1 Apr 1998 22:08:52 +0300 (EET DST)


On Wed, 1 Apr 1998, Bilgi Kuflu wrote:

> Merhaba,
>
> Dun yazdigim mail de pek acik olmadigim icin zannedersem yanlis
> anlasildim ve alakasiz cevaplar aliyorum. O yuzden sorumu daha acik
> olarak yineleme geregi hissettim.
>
> Bir Linux server'im var ve disaridan telnet ile bazi kullanicilar
> baglaniyorlar. Fakat syslog bu baglananlarin nereden baglandiklarinin,
> hangi isimle ne zaman giris yaptiklarinin, ve hangi komutlari
> calistirdiklarinin kayidini tutmuyor. last komutu ile bunlarin bir
> kismini gormek mumkun ama sadece kimin nereden, ne zaman baglandigini
> gosteriyor. Login olduktan sonra neler yaptiginin bilgileri tutulmuyor.

accton diye bir program var onu yuklerseniz sisteminize bu istediklerinizi
gorebilirsiniz..

ftp://karmi.emu.edu.tr/pub/Linux/admin/acct-1.3.73.tgz ( yeni bir surum
cikmis olabilir takip etmedim )

------------------------------------------------------------------------------

HOW TO ENABLE PROCESS ACCOUNTING ON LINUX



_Last updated: Fri Aug 8 09:25:58 HKT 1997_


Preamble: This document is copylefted by Albert M.C. Tam
(bertie@scn.org). Permission to use, copy, distribute this document for
non-commerical purposes is hereby granted, provided that the author's /
editor's name and this notice appear in all copies and/or supporting
documents; that this document is not modified. This document is
distributed in hope that it will be useful, but WITHOUT ANY WARRANTY,
either expressed or implied. While every effort has been taken to
ensure the accuracy of the information documented herein, the author /
editor / maintainer assumes NO RESPONSIBILITY for errors, or for
damages results for the use of the information documented herein.




This document describes how to enable system process accounting on a
Linux host, and the usage of various process accounting commands. It
is intended for users running kernel version greater than or equal to
1.3.73 (recently tested on RedHat 4.1 kernel 2.0.27). Kernels older
than 1.3.73 may need a patch in order to use the process accounting
feature.

Feel free to send any feedback or comments to bertie@scn.org if you
find an error, or if any information is missing. I appreciate it.


_________________________________________________________________



What is Process Accounting?



Process accounting is the method of recording and summarizing commands
executed on Linux. The modern Linux kernel is capable of keeping
process accounting records for the commands being run, the user who
executed the command, the CPU time, and much more.

Process accounting enables you to keep detailed accounting information
for the system resources used, their allocation among users, and
system monitoring.

Current Status of Process Accounting under Linux



Process accounting support has been integrated into the newer kernels
(version >= 1.3.73). If you are running an older kernel, you may need
some patch files. The patches are available from

ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting



Requirements for Process Accounting on Linux



_Kernel_

Linux Kernel version greater than or equal to version 1.3.73, I
recommended 2.x. The kernel source is available from

http://sunsite.unc.edu/pub/Linux/kernel/v2.0



_Process accounting software_

Depending on the Linux distribution you have, you may, or may not have
the process accounting software package installed on your system. If
you don't have it, try downloading the package from

http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz




_________________________________________________________________



Process Accounting Setup on Linux



_1. Compile and install process accounting softwares_

The process accounting software package is available from

http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz



_2. Modify your system init script and turn on process accounting at
boot time _

Here's an example:

# Turn process accounting on.
if [ -x /sbin/accton ]
then
/sbin/accton /var/log/pacct
echo "Process accounting turned on."
fi



_3. Create accounting record file "pacct"_

Your process accounting softwares will print out all commands executed
to the file /var/log/pacct by default.

To create the accounting record file:

touch /var/log/pacct



This record file should be owned by root, has read-write permission
for root, and read permission for anybody else:

chown root /var/log/pacct
chmod 0644 /var/log/pacct



_4. Reboot_

Now reboot your system for changes you made to take effect.


_________________________________________________________________



Miscellaneous Process Accounting Commands



_ac_

ac prints out statistics about users' connection time in hours, based
on the logins and logouts in the current /var/log/wtmp file. ac is
also capable of printing out time totals for each day (-d option), and
for each user (-p option).

_accton_

accton is used to turn on or turn off process accounting. The file is
normally executed at system bootup or shutdown via system init
scripts.

_last_

last goes through the /var/log/wtmp file and prints out information
about connection times of users.

_sa_

sa summarizes accounting information from previously executed
commands, software I/O operation times, CPU times, as recorded in the
accounting record file /var/account/pacct.

_lastcomm_

lastcomm prints out the information about all previously executed
commands, recorded in /var/account/pacct.


> Oysa ftp deamonin da -l secenegi ile ftp yapan kisinin neler yaptigini
> gozlemlemek mumkun. Ama telnet deamoninda boyle bir secenek yok. Oyle
> ise telnet sessionlarinin logunu tutmak icin baska bir program olmali
> diye dusunuyorum. Zira system operatorleri icin telnet loglarinin, ftp
> loglarindan daha onemli oldugu, hatta hayati oldugu kanaatini tasiyorum.
> Yaniliyormuyum???
>

Duzgun GUL
EMU Computer Center
voice:+(90)392-3666588 ext:2007
3661504 ext:2007
e-mail:duzgun@cc.emu.edu.tr
duzgun@karmi.emu.edu.tr