: How to find who's accessing my server? My server is Ubuntu I want to know all the people who access my server, is there a log that shows when and how the people access my server? --EDIT--

@Pierce454

Sounds like you're paranoid that hackers will hack your server. As long as you aren't specifically targeted for a hack (extremely unlikely), then you can keep from being hacked by:


Using strong passwords (and better yet, upgrade to public key crypto for your ssh server as well).
Being aware of all the services that people can access. Disable unneeded ones (i.e. disable an ftp server if you can use sftp)
Keeping everything up-to-date
Evaluating non-static web pages for SQL injections, File Inclusion vulnerabilities (LFI/RFI), and other vulnerabilities.


As long as you don't leave an obvious hole for somebody to get in through, you'll be fine. Most of the "hackers" out there who hack into random webservers are looking for the low-hanging fruit.

Vote Up Vote Down

@Hamm4606531

Put on a security camera next to your server if you want to see who's accessing you physical server.

Just to know that someone is sending packets to your server, you can set up IP Tables:

sudo iptables -I INPUT -j LOG
sudo iptables -I FORWARD -j LOG


This is probably not what you meant, but it logs ALL incoming packets to /var/log/kern.log, whether those are valid or not. the previous command was illustrative, do not use it in this form or you'll flood your logs causing a possible DoS

A small list of services with their logfiles:


SSH: each login attempt is logged to /var/log/auth.log
Apache: on a default installation using apt, log files are written in the directory /var/log/apache2/
exim: connection attempts are logged to /var/log/exim4/mainlog (but harmless messages about the queue are logged to this one too)

Vote Up Vote Down