With a simple command, you can find out which users logged into your data center Linux servers and prevent them from doing harm.
Users log in and out of your data center Linux servers all day. As the admin of those systems, you are charged with knowing every single thing that goes on with those servers and what to do to keep them reliable and secure.
But how do you know who is logged into those Linux servers and what they're doing? This might seem like a daunting task, but since you're using Linux this task is not only simple, but it's built right into the servers. With the use of a single command, you can find out what's going on under your nose. It's so simple, every Linux admin should be able to do this.
So how do you find out? By using the w command.
What is w?
The w command stands for both who and what because that's what it displays. From the w man page: w displays information about the users currently on the machine and their processes. The header shows, in this order, the current time, how long the system has been running, and how many users.
Since w is already installed on your system, you're set to go.
Let's see how to use w.
Log into your Linux data center server and issue the w command.
The output of the command will display who is currently logged into the machine and what command they are using (Figure A).
As you can see, user olivia is logged into the data center server but has secure shell'd into a machine at 192.168.1.1. Is she allowed to do this? If not, you can always kill that SSH session by first finding out its PID with the command:
ps -ef | grep olivia
The output of the above command will list all PIDs of all processes associated with the user olivia. As you can see (Figure B), the ssh PID is 27306.
Issue the following command to kill the ssh session:
sudo kill 27306
From the same listing (after running the ps -ef | grep olivia command above), you can see that the PID of olivia's login session is 27299 (denoted by pts/1). Kill that PID with the command:
sudo kill 27299
The above command will effectively log olivia out. Considering you've also seen the IP address she's logged in from, you can act accordingly to block that address from having access to the server (if necessary).
Had the user olivia been doing something nefarious, hopefully, you've stopped her. Of course, if she were a user allowed to be on that server, you probably wouldn't kill her session. However, this is an easy way to keep tabs on who's logged into those data center Linux servers and what they are doing. Use the w command wisely and it might help you prevent a rogue user from doing something they shouldn't on your data center servers.
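The check walked through above can be scripted. The following is an added example, not part of the original article: it reads w -h output and lists sessions whose current command is ssh, scp or sftp for users who are not on an allowlist, then shows how to list the processes on that session's terminal. The function names, the allowlist and the sample lines are assumptions constructed for illustration, and the parser assumes the eight-column layout USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT.

```shell
#!/bin/sh
# Constructed sample of `w -h` output (header suppressed); not from a real host.
sample_w() {
cat <<'EOF'
jack     pts/0    192.0.2.15       09:12    3:10   0.10s  0.02s -bash
olivia   pts/1    192.0.2.10       10:02    1.00s  0.04s  0.00s ssh 192.168.1.1
root     tty1     -                08:40    2:01m  0.05s  0.05s -bash
EOF
}

# outbound_ssh "ALLOWED USERS" < w-output
# Prints "user tty from command" for every session whose current command is
# ssh, scp or sftp and whose user is not in the space-separated allowlist.
outbound_ssh() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Assumption: 8 columns, WHAT starts at field 8 and may contain spaces.
        # An empty FROM column (some w versions) would shift the fields.
        NF >= 8 {
            base = $8
            sub(/.*\//, "", base)            # /usr/bin/ssh -> ssh
            if (base ~ /^(ssh|scp|sftp)$/ && !($1 in ok)) {
                cmd = $8
                for (i = 9; i <= NF; i++) cmd = cmd " " $i
                print $1, $2, $3, cmd
            }
        }'
}

# session_pids TTY
# Lists PID and command line of every process attached to one terminal,
# which is narrower than grepping the whole process table for a user name.
session_pids() {
    ps -t "$1" -o pid=,args=
}

# Demo on the constructed sample; on a live server use: w -h | outbound_ssh "jack"
sample_w | outbound_ssh "jack"
# prints: olivia pts/1 192.0.2.10 ssh 192.168.1.1
```

Running session_pids pts/1 on the server then gives the PIDs for that one session, which you can review before deciding whether to kill anything.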