login time in seconds 1

polani

Dears,
I have been put into a difficult situation by one of my security advisors...
which is that if any user logs into the system and logs out within the same minute (i.e. if he logs out from the system in 45 seconds), the last command
cannot display the duration of the user's session properly, as the "last" command shows (23:42-23:42), i.e. in hh:mm format.
Now two questions:
1. Is there any way to get the duration of the session in seconds?

2. I know how to get the login time in seconds (lsuser or
/etc/security/lastlog file), but can anybody conceive of any way to
record the logout time in the same way?

polani


Here comes polani Once again!!!

P690 Certified Specialist
HACMP & AIX Certified Specialist
AIX & HACMP Instructor
 
maybe the following will help you:

# last -t 200310300133.17
root pts/0 remote.host Oct 30 01:32 - 01:33 (00:00)

wtmp begins Sep 08 08:10
# last -t 200310300133.18
root pts/0 remote.host Oct 30 01:32 - 01:33 (00:00)

wtmp begins Sep 08 08:10
# last -t 200310300133.19

wtmp begins Sep 08 08:10
#
 
Hi Dears,
Does anyone have some more ideas in their minds to solve
this problem?
I will really appreciate any solution.
I have in my mind to use TCP Wrapper for this purpose
but do not know whether it will allow any configuration options.

Polani.


 
polani ,

We are using tcp-wrappers but I am not sure if it will work for your purpose. I don't know any log of tcp-wrappers where to find any login information. We are using tcp-wrappers to give ftp and telnet authorizations for specified ip numbers.
 
Just write a C program that is executed when they log in and gets the tty device they log in on and counts the seconds until the user logs off the tty.
 
Hi,
I am not a C programmer.
Can anybody help me out on this idea?

Polani

 
Hi Polani,
the problem is ... you can easily track when a session begins, by inserting something in the .profile, but there isn't anything which can track when a session ends, simply because this can happen for a lot of reasons like network failure or Ctrl+D sequence or ... did you try to activate auditing on your system?
 
Hi,
I want to discuss the idea.
echo date in mmhhddss format from .profile into a text file
echo date in mmhhddss format from .logout into same text file.
Now the problem is how to convert this text file into the login file format ... I think the fwtmp command may help in this regard, but how ... I myself do not know.
I think IBM should correct this bug; otherwise all of us may have to face such foolish points from IT auditors.

 
I gave a look to the fwtmp command and it should work.
There is a security problem with the idea: you have to protect the .profile and .logout from writing by the user.
This means the connecting user can only execute these files but not modify them.
You should change the ownership of these files to root and give the execution rights to the final user.
 
I know you said you were not a C programmer, but the easiest way I've found to minutely track logins is still to read the wtmpx entries directly with the getutxent C library call. That said, I believe you may be attacking the problem from the wrong angle.

Take a step back and look at the original question asked of you, which is basically how does "last" handle a very short duration login?

On AIX 5.1: log in, immediately log out, and log back in again, last will show:
root pts/1 10.23.115.21 Thu Nov 20 11:44 still logged in
root pts/1 10.23.115.21 Thu Nov 20 11:43 - 11:44 (00:00)

The second line is the login/logout with duration of (00:00). I just happened to do this test on a minute boundary, so I did it again:
root pts/4 10.23.115.21 Nov 20 11:46 - 11:46 (00:00)

Thus, 'last' can and will track the special case when a user logs in and then logs back out within the same minute, and your security advisor's concerns are answered.

If he wants any data on sub-minute duration logins, giving it to him is a simple `last | grep "(00:00)"` and editing the output for clarity.
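
The getutxent approach mentioned in the post above can give durations in seconds, because each utmpx record carries its own timestamp in seconds. The following is an added example, not part of the original thread: a small C tracker that pairs login and logout records. The names `struct tracker` and `feed()`, the rule of matching a logout to a login by `ut_line`, and the sample records are assumptions; which database `getutxent()` reads (current logins or wtmp history) is system-specific.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>
#define MAX_OPEN 64
struct tracker { struct utmpx open[MAX_OPEN]; size_t nopen; };

/* Feed records in file order. Returns 1 and fills *login and *secs when r is
 * the DEAD_PROCESS record closing a login on the same ut_line (assumed rule). */
int feed(struct tracker *t, const struct utmpx *r, struct utmpx *login, long *secs)
{
    size_t j = 0;
    if (r->ut_type != USER_PROCESS && r->ut_type != DEAD_PROCESS) return 0;
    while (j < t->nopen && strncmp(t->open[j].ut_line, r->ut_line, sizeof r->ut_line))
        j++;
    if (r->ut_type == USER_PROCESS) {
        if (j < t->nopen)
            t->open[j] = *r;              /* earlier login was never closed */
        else if (t->nopen < MAX_OPEN)
            t->open[t->nopen++] = *r;
        return 0;
    }
    if (j == t->nopen) return 0;          /* logout with no login on record */
    *login = t->open[j];
    *secs = (long)r->ut_tv.tv_sec - (long)login->ut_tv.tv_sec;
    t->open[j] = t->open[--t->nopen];     /* line is free again */
    return 1;
}

int main(void)
{
    struct tracker t = { .nopen = 0 };
    struct utmpx login, *r;
    long secs;
    /* Constructed sample records: login on pts/0, logout 45 seconds later. */
    struct utmpx in = { .ut_type = USER_PROCESS, .ut_user = "root",
                        .ut_line = "pts/0", .ut_tv = { .tv_sec = 1067477520 } };
    struct utmpx out = { .ut_type = DEAD_PROCESS, .ut_line = "pts/0",
                         .ut_tv = { .tv_sec = 1067477565 } };
    feed(&t, &in, &login, &secs);
    if (feed(&t, &out, &login, &secs))
        printf("sample session: %ld s\n", secs);
    setutxent();    /* same loop over the database getutxent() reads here */
    while ((r = getutxent()) != NULL)
        if (feed(&t, r, &login, &secs))
            printf("%.*s %.*s %lds\n", (int)sizeof login.ut_user, login.ut_user,
                   (int)sizeof login.ut_line, login.ut_line, secs);
    endutxent();
    return 0;
}
```

A session that `last` prints as (00:00) comes out here with its actual length, such as the 45 seconds of the constructed sample.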
 
Hi,
my auditors want to have logging for every second.
I think it is not a bad need from them,
as any hacker can log into the system for a few seconds
and can issue any command.
And as per the problem, the SA cannot determine the exact duration of the session.
In short, a duration of 00:00 is not sufficing my auditors' need.

Please, any more advice?






 