3. Agenda
yum dnf for psacct / acct
Monitoring user activity
Kerberos
LDAP
Active Directory
System utility commands (date, uptime,
hostname, which, cal, bc etc.)
4. Dnf and yum
The DNF package manager offers robust features
for installing, updating, and removing packages.
Dandified yum, better known as DNF, is a
software package manager for RPM-based Linux
distributions that installs, updates, and removes
packages. It was first introduced in Fedora 18 in a
testable state (i.e., tech preview), but it's been
Fedora's default package manager since Fedora
22.
5. Dnf and yum
Since it is the next-generation version of the
traditional yum package manager, it has more
advanced and robust features than you'll find in
yum.
6. Dnf and yum
For more details and practice
https://opensource.com/article/18/8/guide-yum-dnf
7. User activity
The psacct / acct program provides an excellent
way to monitor what users are doing: which
commands they run, how many resources they
consume, and how long they are active on the
system. Another great feature of this program is
that it gives the total resources consumed by
services like Apache, MySQL, FTP, SSH etc.
8. User activity
The psacct or acct package provides several features for
monitoring process activities.
The ac command prints the statistics of user logins/logouts
(connect time) in hours.
The lastcomm command prints information about commands
previously executed by users.
9. User activity
The accton command is used to turn process accounting
on/off.
The sa command summarizes information about previously
executed commands.
The last and lastb commands list the last logged-in
users.
10. User activity
psacct and acct are similar packages and there is not
much difference between them, but the psacct package is
only available for rpm-based distributions such as RHEL,
CentOS and Fedora, whereas the acct package is available
for distributions like Ubuntu, Debian and Linux Mint.
To install the psacct package under rpm-based distributions,
issue the following yum command.
# yum install psacct
11. User activity
To install the acct package using the apt-get command under
Ubuntu / Debian / Linux Mint:
$ sudo apt-get install acct
OR
# apt-get install acct
12. Starting psacct or acct service
By default the psacct service is disabled and you
need to start it manually under RHEL/CentOS/Fedora
systems. Use the following command to check the status
of the service.
# /etc/init.d/psacct status
Process accounting is disabled.
13. Starting psacct or acct service
The status shows as disabled, so let’s start it
manually using the following two commands. These two
commands will create a /var/account/pacct file and start
the service.
14. Starting psacct or acct service
# chkconfig psacct on
# /etc/init.d/psacct start
Starting process accounting: [ OK ]
After starting the service, check the status again; it will
now show as enabled, as below.
# /etc/init.d/psacct status
Process accounting is enabled.
15. Starting psacct or acct service
Under Ubuntu, Debian and Mint the service is started
automatically, so you don’t need to start it again.
17. Display Statistics of Users Connect Time
The ac command without any argument displays the
total connect time in hours, based on the user
logins/logouts recorded in the current wtmp file.
# ac
total 1814.03
18. Display Statistics of Users Day-wise
The command “ac -d” prints the total login time
in hours for each day.
# ac -d
Sep 17 total 5.23
Sep 18 total 15.20
Sep 24 total 3.21
Sep 25 total 2.27
Sep 26 total 2.64
Sep 27 total 6.19
Oct 1 total 6.41
Oct 3 total 2.42
Oct 4 total 2.52
Oct 5 total 6.11
Oct 8 total 12.98
Oct 9 total 22.65
Oct 11 total 16.18
19. Display Time Totals for each User
Using command “ac -p” will print the total login time of
each user in hours.
# ac -p
root 1645.18
tecmint 168.96
total 1814.14
20. Display Individual User Time
To get the total login time of user “khawar” in
hours, use the following command.
# ac khawar
total 168.96
21. Display Day-Wise Login Time of User
The following command prints the day-wise total login
time of user “tecmint” in hours.
# ac -d tecmint
Oct 11 total 8.01
Oct 12 total 24.00
Oct 15 total 70.50
Oct 16 total 23.57
Oct 17 total 24.00
Oct 18 total 18.70
Nov 20 total 0.18
22. Print All Account Activity Information
The “sa” command is used to print the summary of
commands that were executed by users.
# sa
2 9.86re 0.00cp 2466k sshd*
8 1.05re 0.00cp 1064k man
2 10.08re 0.00cp 2562k sshd
12 0.00re 0.00cp 1298k psacct
2 0.00re 0.00cp 1575k troff
14 0.00re 0.00cp 503k ac
10 0.00re 0.00cp 1264k psacct*
10 0.00re 0.00cp 466k consoletype
9 0.00re 0.00cp 509k sa
8 0.02re 0.00cp 769k udisks-helper-a
6 0.00re 0.00cp 1057k touch
6 0.00re 0.00cp 592k gzip
23. Print All Account Activity Information
Where:
9.86re is the “real time” in wall-clock minutes
0.01cp is the sum of system and user time in CPU minutes
2466k is the CPU-time averaged core usage, in 1k units
sshd is the command name
Core memory is another (old) word for RAM.
24. Print All Account Activity Information
Core memory. Not included in this course.
Just for reference.
https://www.youtube.com/watch?v=AwsInQLmjXc
https://www.youtube.com/watch?v=paQ3zIsz1-8
https://www.youtube.com/watch?v=7ozNMgx7WtQ
25. Print Individual User Information
To get the information of an individual user, use the
option -u.
# sa -u
root 0.00 cpu 465k mem accton
root 0.00 cpu 1057k mem touch
root 0.00 cpu 1298k mem psacct
root 0.00 cpu 466k mem consoletype
root 0.00 cpu 1264k mem psacct *
root 0.00 cpu 1298k mem psacct
root 0.00 cpu 466k mem consoletype
root 0.00 cpu 1264k mem psacct *
root 0.00 cpu 1298k mem psacct
root 0.00 cpu 466k mem consoletype
root 0.00 cpu 1264k mem psacct *
root 0.00 cpu 465k mem accton
root 0.00 cpu 1057k mem touch
26. Print Number of Processes
This command prints the total number of processes and
CPU minutes. If you see a continued increase in these
numbers, then it's time to look into what is happening
on the system.
# sa -m
sshd 2 9.86re 0.00cp 2466k
root 127 14.29re 0.00cp 909k
28. List Last Executed Commands of User
The ‘lastcomm’ command is used to search and display
information about previously executed user commands. You
can also search for the commands of an individual user. For
example, here are the commands of user (tecmint).
29. List Last Executed Commands of User
# lastcomm tecmint
su tecmint pts/0 0.00 secs Wed Feb 13 15:56
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
bash F tecmint pts/0 0.00 secs Wed Feb 13 15:56
id tecmint pts/0 0.00 secs Wed Feb 13 15:56
grep tecmint pts/0 0.00 secs Wed Feb 13 15:56
grep tecmint pts/0 0.00 secs Wed Feb 13 15:56
bash F tecmint pts/0 0.00 secs Wed Feb 13 15:56
dircolors tecmint pts/0 0.00 secs Wed Feb 13 15:56
bash F tecmint pts/0 0.00 secs Wed Feb 13 15:56
tput tecmint pts/0 0.00 secs Wed Feb 13 15:56
30. Search Logs for Commands
With the help of the lastcomm command you can also
view every recorded use of an individual command.
# lastcomm ls
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
ls tecmint pts/0 0.00 secs Wed Feb 13 15:56
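When reviewing lastcomm output, note that the flags column is only present on some lines (for example the `F` on the bash lines above), so a parser cannot rely on fixed field positions. The following Python is an added example, not part of the original slides: it parses lastcomm lines, counts commands per user and lists records carrying the S, D or X flags. The sample lines are constructed, the function names are hypothetical, and the flag meanings are those given in the lastcomm man page.

```python
from collections import Counter

# Flag letters as documented in the lastcomm man page.
FLAG_MEANING = {"S": "ran with superuser privileges",
                "F": "forked without a following exec",
                "C": "PDP-11 compatibility mode",
                "D": "terminated with a core dump",
                "X": "terminated by a signal"}

# Constructed sample in the same layout as the lastcomm output above.
SAMPLE = """\
su               tecmint  pts/0  0.00 secs Wed Feb 13 15:56
ls               tecmint  pts/0  0.00 secs Wed Feb 13 15:56
bash      F      tecmint  pts/0  0.00 secs Wed Feb 13 15:56
passwd    S      root     pts/1  0.01 secs Wed Feb 13 15:57
crond     SF     root     __     0.00 secs Wed Feb 13 15:58
myapp     DX     tecmint  pts/0  0.12 secs Wed Feb 13 15:59
"""

def parse_lastcomm(text):
    """Yield one dict per record; the flags column may be absent."""
    for line in text.splitlines():
        tok = line.split()
        if "secs" not in tok or tok.index("secs") < 4:
            continue                      # header, blank or truncated line
        i = tok.index("secs")
        # Work backwards from "secs": time, tty and user are always present.
        head, (user, tty, cpu) = tok[:i - 3], tok[i - 3:i]
        flags = ""
        if len(head) > 1 and set(head[-1]) <= set(FLAG_MEANING):
            flags = head.pop()
        yield {"cmd": " ".join(head), "flags": flags, "user": user,
               "tty": tty, "cpu_secs": float(cpu), "when": " ".join(tok[i + 1:])}

def review(text, watch="SDX"):
    """Return (commands per user, records carrying any watched flag)."""
    records = list(parse_lastcomm(text))
    per_user = Counter(r["user"] for r in records)
    flagged = [r for r in records if set(r["flags"]) & set(watch)]
    return per_user, flagged

if __name__ == "__main__":
    per_user, flagged = review(SAMPLE)
    print(dict(per_user))
    for r in flagged:
        why = "; ".join(FLAG_MEANING[f] for f in r["flags"] if f in "SDX")
        print(f'{r["when"]}  {r["user"]:8} {r["cmd"]:8} {r["flags"]:3} {why}')
```

On a live system the input would be the captured output of `lastcomm` instead of `SAMPLE`.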
31. User activity
For more practice
https://www.tecmint.com/how-to-monitor-user-activity-with-psacct-or-acct-tools/
32. Directory Services
Kerberos is used to manage credentials securely
(authentication) while LDAP is used for holding
authoritative information about the accounts, such
as what they're allowed to access (authorization),
the user's full name and uid.
Active Directory is a combination of Kerberos and
LDAP.
33. Kerberos
Kerberos (/ˈkɜːrbərɒs/) is a computer-network
authentication protocol that works on the basis of
tickets to allow nodes communicating over a
non-secure network to prove their identity to one
another in a secure manner.
34. Kerberos
The protocol was named after the character
Kerberos (or Cerberus) from Greek mythology, the
ferocious three-headed guard dog of Hades.
Its designers aimed it primarily at a client–server
model, and it provides mutual authentication—
both the user and the server verify each other's
identity.
Kerberos protocol messages are protected
against eavesdropping and replay attacks.
36. Kerberos
Kerberos builds on symmetric-key cryptography
and requires a trusted third party, and optionally
may use public-key cryptography during certain
phases of authentication.[2] Kerberos uses UDP
port 88 by default.
37. Kerberos
The client authenticates itself to the Authentication
Server (AS), which forwards the username to a
key distribution center (KDC).
The KDC issues a ticket-granting ticket (TGT),
which is time stamped, encrypts it using the
ticket-granting service's (TGS) secret key and
returns the encrypted result to the user's
workstation.
38. Kerberos
This is done infrequently, typically at user logon;
the TGT expires at some point although it may be
transparently renewed by the user's session
manager while they are logged in.
39. Kerberos
When the client needs to communicate with a
service on another node (a "principal", in Kerberos
parlance), the client sends the TGT to the TGS,
which usually shares the same host as the KDC.
The service must have already been registered
with the TGS with a Service Principal Name
(SPN). The client uses the SPN to request access
to this service.
40. Kerberos
After verifying that the TGT is valid and that the
user is permitted to access the requested service,
the TGS issues ticket and session keys to the
client. The client then sends the ticket to the
service server (SS) along with its service request.
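The three exchanges described on the Kerberos slides above (AS, TGS, service server), as an added Python example that is not part of the original slides. The seal/unseal toy cipher, the principal names and the lifetimes are assumptions made for illustration; the timestamped authenticator is standard Kerberos but is not described on the slides, and the TGS authorization check is left out.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):  # toy encrypt-then-MAC, a stand-in for real Kerberos encryption types
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    body = nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ct = body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, body[:16], len(ct)))))

# Constructed KDC database: long-term keys of the user, the TGS and one service (SPN).
KEYS = {n: os.urandom(32) for n in ("alice", "krbtgt", "host/fileserver")}

def _check(key, ticket, authenticator, now):  # open ticket, check expiry and freshness
    t = unseal(key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if t["exp"] < now or a["user"] != t["user"] or abs(a["ts"] - now) > 300:
        raise ValueError("expired ticket or stale authenticator")
    return t

def as_exchange(user, now):
    """AS: TGT sealed with the TGS key; session key sealed with the user's key."""
    sk = os.urandom(32).hex()
    tgt = seal(KEYS["krbtgt"], {"user": user, "sk": sk, "exp": now + 36000})
    return tgt, seal(KEYS[user], {"sk": sk})

def tgs_exchange(tgt, authenticator, spn, now):
    """TGS: validate the TGT, then issue a ticket sealed with the service's key."""
    t = _check(KEYS["krbtgt"], tgt, authenticator, now)
    sk2 = os.urandom(32).hex()
    ticket = seal(KEYS[spn], {"user": t["user"], "sk": sk2, "exp": now + 3600})
    return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk2})

def service_accept(spn, ticket, authenticator, now):  # the service never contacts the KDC
    return _check(KEYS[spn], ticket, authenticator, now)["user"]

def access(user, user_key, spn, now):
    """Client side of all three exchanges; returns the identity the service sees."""
    tgt, enc = as_exchange(user, now)
    sk = bytes.fromhex(unseal(user_key, enc)["sk"])  # needs the user's long-term key
    ticket, enc2 = tgs_exchange(tgt, seal(sk, {"user": user, "ts": now}), spn, now)
    sk2 = bytes.fromhex(unseal(sk, enc2)["sk"])
    return service_accept(spn, ticket, seal(sk2, {"user": user, "ts": now}), now)
```

The client can carry the TGT but cannot open it, because it is sealed with the TGS key; a client holding the wrong long-term key fails at the first `unseal` and never obtains a session key.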
43. LDAP
LDAP (Lightweight Directory Access Protocol) is a
software protocol for enabling anyone to locate
data about organizations, individuals and other
resources such as files and devices in a network
-- whether on the public Internet or on a corporate
Intranet.
LDAP is a "lightweight" (smaller amount of code)
version of Directory Access Protocol (DAP), which
is part of X.500, a standard for directory services
in a network.
44. LDAP
A directory tells the user where in the network
something is located. On TCP/IP networks
(including the internet), the domain name system
(DNS) is the directory system used to relate the
domain name to a specific network address (a
unique location on the network).
However, the user may not know the domain
name. LDAP allows a user to search for an
individual without knowing where they're located
(although additional information will help with the
search).
45. Uses of LDAP
The common use of LDAP is to provide a central
place for authentication -- meaning it stores
usernames and passwords. LDAP can then be
used in different applications or services to
validate users with a plugin. As some examples,
LDAP can be used to validate usernames and
passwords with Docker, Jenkins, Kubernetes,
OpenVPN and Linux Samba servers. LDAP
single sign-on can also be used by system
administrators to control access to an LDAP
database.
46. Uses of LDAP
LDAP can also be used to add operations into a
directory server database, authenticate -- or bind
-- sessions, delete LDAP entries, search and
compare entries using different commands,
modify existing entries, extend entries, abandon
requests or unbind operations.
49. System Utilities
Try
cal 9 1752
https://www.historic-uk.com/HistoryUK/HistoryofBritain/Give-us-our-eleven-days/
50. Agenda
yum dnf for psacct / acct
Monitoring user activity
Kerberos
LDAP
Active Directory
System utility commands (date, uptime,
hostname, which, cal, bc etc.)