Account Links: Cart | Your Account | Logout

Skip to content

Red Hat Knowledgebase

Red Hat Knowledgebase Search:

Updated Within the Last:

New Solutions within the last day New Solutions within the last week New Solutions within the last month

Browse by topics:


Click to View a Topic
Red Hat Enterprise Linux > Networking > Issue <<  326 of 356 >>

Solution Tools:


Email a Solution Postcard Printer version Submit a comment on this answer Update notifications Request an answer Back

Article Reference

Article ID: 12074
Last update: 10-30-08
Issue:
Does su get logged when someone logs in through telnet?
Resolution:

Yes. If the user connects as the user regularuser and then runs # su -, there will be an entry in /var/log/messages:

Dec 15 09:14:23 rhel4-telnet-server su(pam_unix)[20897]: session opened for user root by regularuser(uid=500)


If the user connects directly as root, there are log entries in the remote machine's /var/log/messages and /var/log/secure.
The /var/log/messages entry will look similar to:

Dec 15 09:08:52 rhel4-telnet-server remote(pam_unix)[20965]: session opened for user root by (uid=0)
Dec 15 09:08:52 rhel4-telnet-server -- root[20965]: ROOT LOGIN ON pts/5 from 192.168.2.105


That uid=0 line will always say =0 no matter which user was logged in as on the local machine.

In /var/log/secure, the line will look like:

Dec 15 09:08:52 rhel4-telnet-server xinetd[20965]: START: telnet pid=20764 from 192.168.2.105


How well did this entry answer your question?


good wrong incomplete out of date
Red Hat Enterprise Linux > Networking > Issue <<   326  of  356  >>