How do I hide a user that is logged into the server, from other users
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.
linux debian users linux-virtual-server
asked Nov 10 '17 at 5:09
StrangeRanger
9619
add a comment |Â
up vote
3
down vote
favorite
If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.
linux debian users linux-virtual-server
asked Nov 10 '17 at 5:09
StrangeRanger
9619
How would you normally check if a user is logged in?Usingw? Or ?
– Hunter.S.Thompson
Nov 10 '17 at 5:28
If I wanted to check if a user is logged in, I would either useworwho
– StrangeRanger
Nov 10 '17 at 5:29
1
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.
linux debian users linux-virtual-server
asked Nov 10 '17 at 5:09
StrangeRanger
9619
If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.
linux debian users linux-virtual-server
asked Nov 10 '17 at 5:09
StrangeRanger
9619
asked Nov 10 '17 at 5:09
StrangeRanger
9619
asked Nov 10 '17 at 5:09
StrangeRanger
9619
asked Nov 10 '17 at 5:09
StrangeRanger
9619
9619
How would you normally check if a user is logged in?Usingw? Or ?
– Hunter.S.Thompson
Nov 10 '17 at 5:28
If I wanted to check if a user is logged in, I would either useworwho
– StrangeRanger
Nov 10 '17 at 5:29
1
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49
add a comment |Â
How would you normally check if a user is logged in?Usingw? Or ?
– Hunter.S.Thompson
Nov 10 '17 at 5:28
If I wanted to check if a user is logged in, I would either useworwho
– StrangeRanger
Nov 10 '17 at 5:29
1
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49
How would you normally check if a user is logged in?Using
w? Or ?– Hunter.S.Thompson
Nov 10 '17 at 5:28
How would you normally check if a user is logged in?Using
w? Or ?– Hunter.S.Thompson
Nov 10 '17 at 5:28
If I wanted to check if a user is logged in, I would either use
w or who– StrangeRanger
Nov 10 '17 at 5:29
If I wanted to check if a user is logged in, I would either use
w or who– StrangeRanger
Nov 10 '17 at 5:29
1
1
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
accepted
There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.
That's the technique usually used by intruders who compromise a server.
Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.
answered Nov 10 '17 at 8:10
dr01
15.3k114769
add a comment |Â
up vote
0
down vote
Don't give them shell access.
If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.
Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.
answered Nov 10 '17 at 10:38
0x40
212
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.
That's the technique usually used by intruders who compromise a server.
Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.
answered Nov 10 '17 at 8:10
dr01
15.3k114769
add a comment |Â
up vote
2
down vote
accepted
There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.
That's the technique usually used by intruders who compromise a server.
Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.
answered Nov 10 '17 at 8:10
dr01
15.3k114769
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.
That's the technique usually used by intruders who compromise a server.
Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.
answered Nov 10 '17 at 8:10
dr01
15.3k114769
There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.
That's the technique usually used by intruders who compromise a server.
Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.
answered Nov 10 '17 at 8:10
dr01
15.3k114769
answered Nov 10 '17 at 8:10
dr01
15.3k114769
answered Nov 10 '17 at 8:10
dr01
15.3k114769
answered Nov 10 '17 at 8:10
dr01
15.3k114769
15.3k114769
add a comment |Â
add a comment |Â
up vote
0
down vote
Don't give them shell access.
If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.
Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.
answered Nov 10 '17 at 10:38
0x40
212
add a comment |Â
up vote
0
down vote
Don't give them shell access.
If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.
Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.
answered Nov 10 '17 at 10:38
0x40
212
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Don't give them shell access.
If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.
Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.
answered Nov 10 '17 at 10:38
0x40
212
Don't give them shell access.
If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.
Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.
answered Nov 10 '17 at 10:38
0x40
212
answered Nov 10 '17 at 10:38
0x40
212
answered Nov 10 '17 at 10:38
0x40
212
answered Nov 10 '17 at 10:38
0x40
212
212
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403670%2fhow-do-i-hide-a-user-that-is-logged-into-the-server-from-other-users%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
How would you normally check if a user is logged in?Using
w? Or ?– Hunter.S.Thompson
Nov 10 '17 at 5:28
If I wanted to check if a user is logged in, I would either use
worwho– StrangeRanger
Nov 10 '17 at 5:29
1
GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49