Mobile app version of vmapp.org
Login or Join
BetL925

: How to find who's accessing my server? My server is Ubuntu I want to know all the people who access my server, is there a log that shows when and how the people access my server? --EDIT--

@BetL925

Posted in: #Lamp #Server #Ubuntu

I want to know all the people who access my server, is there a log that shows when and how the people access my server?

--EDIT--

Sorry for not providing any more details awhile ago. My server is Ubuntu 10.04 LTS running in Linode. I heard numerous scary story of hackers trying to hack a server, so I want to know where are the logs that will show me who accessed my server by ssh, or anything that can put my server in danger.

I have installed the LAMP stack in my server. That's all I have ever installed.

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @BetL925

2 Comments

Sorted by latest first Latest Oldest Best

 

@Pierce454

Sounds like you're paranoid that hackers will hack your server. As long as you aren't specifically targeted for a hack (extremely unlikely), then you can keep from being hacked by:


Using strong passwords (and better yet, upgrade to public key crypto for your ssh server as well).
Being aware of all the services that people can access. Disable unneeded ones (i.e. disable an ftp server if you can use sftp)
Keeping everything up-to-date
Evaluating non-static web pages for SQL injections, File Inclusion vulnerabilities (LFI/RFI), and other vulnerabilities.


As long as you don't leave an obvious hole for somebody to get in through, you'll be fine. Most of the "hackers" out there who hack into random webservers are looking for the low-hanging fruit.

10% popularity Vote Up Vote Down


 

@Hamm4606531

Put on a security camera next to your server if you want to see who's accessing you physical server.

Just to know that someone is sending packets to your server, you can set up IP Tables:

sudo iptables -I INPUT -j LOG
sudo iptables -I FORWARD -j LOG


This is probably not what you meant, but it logs ALL incoming packets to /var/log/kern.log, whether those are valid or not. the previous command was illustrative, do not use it in this form or you'll flood your logs causing a possible DoS

A small list of services with their logfiles:


SSH: each login attempt is logged to /var/log/auth.log
Apache: on a default installation using apt, log files are written in the directory /var/log/apache2/
exim: connection attempts are logged to /var/log/exim4/mainlog (but harmless messages about the queue are logged to this one too)

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme