Koozali.org: home of the SME Server

Obsolete Releases => SME Server 6.x => Topic started by: treyh on October 25, 2006, 05:17:14 PM

Title: Password Change - Log File ?
Post by: treyh on October 25, 2006, 05:17:14 PM

Hello,

I believe someone is changing the root/admin password via the server-manager and lying about it.

What log can I check to verify if this is true or not?

Trey

Title: caught them ;)
Post by: treyh on October 25, 2006, 05:25:18 PM

I went to the server manager and used the view log utility to view the messages log

Found this  :D

Oct 25 10:02:55 mail PAM_pwdb[8140]: password for (root/0) changed by (root/0)
Oct 25 10:03:10 mail login(pam_unix)[506]: session closed for user root

Title: another question
Post by: treyh on October 25, 2006, 05:33:50 PM

How do I tell who has SSHed into a default install of sme server 6?

Title: Re: another question
Post by: raem on October 26, 2006, 01:45:08 PM

treyh

> How do I tell who has SSHed into a default install of sme server 6?

Also in the messages log file, although if they login as root then you can't really tell who they are, can you.
One of the reasons not to give end users (even 2nd level admins) root access.

You can allow users to have ssh access by command line control, or there is a remote access contrib from dungog.
There is also the user-manager panel for "server manager style" admin access for selected users.
You can control what panels they have access to.

Sounds to me like you should be changing the root password immediately, and configuring per user access.

Title: ...
Post by: treyh on October 26, 2006, 03:06:33 PM

RayMitchell

I've used the contrib from dungog that you mentioned, that is my normal practice.

Unfortenly this server belongs to a customer of mine and controls the password and etc.

I am 100% sure at this point she has someone else working on that and other servers, which I wouldn't mind at all. I just don't like being lied to.