[Linux-Discussion] Re: tracking user logins...

  • From: Curt Binder <binder@xxxxxxxxxxxxxx>
  • To: linux-discussion@xxxxxxxxxxxxx
  • Date: Wed, 31 Jul 2002 20:29:29 -0500

On Wednesday 31 July 2002 03:20 pm, you wrote:
> Scenario: I need to be able to expire system accounts that go unused for
> more than, say, 6 months.
>

I put an email into Exoo about his script that he runs on marilyn to disable 
accounts that haven't been logged into for 6 months or more.   I'll send it 
to you when I get a reply back from him, hopefully within the next day or so.

> Problem: Lastlog is the only source of information that I'm aware of that
> really provides an easy means of tracking when a user last logged in.
> Telnet, SSH, and FTP all log there nicely, but Frontpage, Samba, and pop3
> don't.
>

Samba logs to /var/log/samba.HOST (or however you have logging set in your samba 
file, and I believe this is the default way to log) where HOST is the name of 
the windows/samba client, so there will be a separate logfile for each 
machine logging in.

POP3 logs wherever you have all the mail.* logs going.  I'm running GNU pop3d 
on my mailserver and I have my mail.* logs go to /var/log/mail and I get an 
entry from GNU pop3d each time I log in to check my mail with my POP3 client.
Sample:

Jul 31 20:36:12 tux gnu-pop3d[4343]: Incoming connection opened
Jul 31 20:36:12 tux gnu-pop3d[4343]: User 'binder' logged in with mailbox 'binder'
Jul 31 20:36:12 tux gnu-pop3d[4343]: Session ended for user: binder


As far as Frontpage, I have no idea cause I don't use it (as you probably 
already know) =)


I know you know that all this stuff is logged and this information is probably 
not very 'useful' to you.  A suggestion would be to possibly try this....
When you have the logs rotated each day, track who logged in.  Keep a 
'database/file' of when the user last logged in.  Have that run each night 
and then update the 'database/file' each day if needed.  Then you could just 
run a simple 'query' to see when the last login time was and you can go 
accordingly.
So, since you use postgres (if I'm not mistaken), just have a perl script 
parse the nightly log file and then connect to the dbase and update the 
'last_login' field for the username.  After that happens, run another perl 
script to check to see which accounts have a 'last_login' time greater than 6 
months.  
This might be a little 'cpu intense' but if it runs when the machine is not 
heavily used it wouldn't be much at all....especially since you are quite 
versed in Perl, should be almost 'trivial' for you.  ;)

Hope this helps,

Curt

-- 

# Curt Binder <binder@xxxxxxxxxxxxxx>
# ICQ: 3132781  AOL: cbinder69
# mobile: <mobile@xxxxxxxxxxxxxx>
# http://gotpenguin.com/
# Linux ... because Penguins Rule =)
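
The nightly last-login tracking suggested in the message above, as an added example that is not part of the original post: it parses the gnu-pop3d login lines, keeps the newest login per user, and lists accounts idle for about six months. Python and an in-memory SQLite table stand in for the Perl script and PostgreSQL database the post mentions; the table layout, function names, and the 'alice' log line are assumptions made for illustration.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Matches the gnu-pop3d login line format shown in the post.
LOGIN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ gnu-pop3d\[\d+\]: User '([^']+)' logged in")
# Constructed sample lines (not real log data).
SAMPLE_LOG = """\
Jul 31 20:36:12 tux gnu-pop3d[4343]: Incoming connection opened
Jul 31 20:36:12 tux gnu-pop3d[4343]: User 'binder' logged in with mailbox 'binder'
Jul 31 20:36:12 tux gnu-pop3d[4343]: Session ended for user: binder
Dec 30 09:01:44 tux gnu-pop3d[991]: User 'alice' logged in with mailbox 'alice'
"""

def parse_logins(text, now):
    """Yield (user, datetime) per login line. Syslog omits the year, so a
    date that would land in the future is assigned to the previous year."""
    for line in text.splitlines():
        if not (m := LOGIN_RE.match(line)):
            continue
        ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ts > now:
            ts = ts.replace(year=now.year - 1)
        yield m.group(2), ts

def record_logins(db, logins):
    """Store the newest login per user; older entries never overwrite newer."""
    db.execute("CREATE TABLE IF NOT EXISTS last_login "
               "(username TEXT PRIMARY KEY, last_login TEXT NOT NULL)")
    for user, ts in logins:
        db.execute(
            "INSERT INTO last_login VALUES (?, ?) ON CONFLICT(username) DO UPDATE "
            "SET last_login = excluded.last_login "
            "WHERE excluded.last_login > last_login.last_login",
            (user, ts.isoformat(sep=" ")))
    db.commit()

def stale_accounts(db, now, days=183):
    """Usernames whose last recorded login is older than `days` (~6 months)."""
    cutoff = (now - timedelta(days=days)).isoformat(sep=" ")
    rows = db.execute("SELECT username FROM last_login WHERE last_login < ? "
                      "ORDER BY username", (cutoff,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db, now = sqlite3.connect(":memory:"), datetime(2002, 7, 31, 23, 59, 0)
    record_logins(db, parse_logins(SAMPLE_LOG, now))
    print(stale_accounts(db, now))
```

Accounts that have never appeared in any parsed log have no row in the table, so they need to be compared against the system's account list separately before anything is disabled.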

