[Wolves] Debian Query
James Turner
james at turnersoft.co.uk
Wed May 26 19:51:38 BST 2004
On Wednesday 26 May 2004 15:37, Andy Hill wrote:
> Mark Cook <mark at centro-webnet.co.uk> wrote:
> Hi,
>
> I wonder if anyone knows how to perform a full audit
> of a debian system.
> ie grok every user/system account that exists?
>
> Thanks.
>
> HI Mark,
>
> I think there are 2 things you can try.
>
> 1)pipe the /etc/passwd file to the console and inspect
> that [execute: 'cat /etc/passwd']
>
> 2)if you are looking to check out simply who is
> currently logged into your system, just run a who
> query [execute: 'w']
>
> On most systems there is no need to be root while
> carrying out either of these procedures.
>
> Hope that helps or puts you in the right direction at
> least.
Additionally, "last" will give a list of system boots/shutdowns, login times,
locations and the duration each user was logged in for (or the machine was up
for). Useful variants:
last | head -n 10 - Limit output to last 10 logins/boots to have occured
last | grep reboot - How impressive (or not) is your system's uptime?
last | grep crash - When did the system last crash?
The information returned comes from file /var/log/wtmp.
James
More information about the Wolves
mailing list