Create log file:
touch /var/log/sudo.log
Edit the file /etc/sudoers
visudo
Paste
Defaults logfile="/var/log/sudo.log"
Restart rsyslog
sudo systemctl restart rsyslog
View log
tail -f /var/log/sudo.log
Create log file:
touch /var/log/sudo.log
Edit the file /etc/sudoers
visudo
Paste
Defaults logfile="/var/log/sudo.log"
Restart rsyslog
sudo systemctl restart rsyslog
View log
tail -f /var/log/sudo.log
tcpdump -A -s 10240 'tcp port 8091 and (((ip[2: 2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^ ........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET | HTTP\/|POST |HEAD )/\n\1/g'
GET /api/files/file/name/History%20EX-Guide.docx/properties?aewgaweg.com&siteName=asgsd.com&folderName=1231212 HTTP/1.1 Host: mydlb.lb.anypointdns.net X-Real-IP: 1.1.1.1 X-Forwarded-For: 1.1.1.1 User-Agent: curl/7.64.1 Accept: */* Authorization: bearer 23423
Identifying Inactive or Idle SSH Connections
Before disconnecting inactive or idle SSH connections, it is important to first identify them. In Linux, there are several commands that can be used to list active users and their sessions, display information about logged-in users and their processes, and view a log of previous logins and sessions.
Using the 'who' command to list active users and their sessions
The 'who' command is used to display a list of currently logged-in users along with their login name, terminal line number (tty), login time, and remote hostname or IP address. To specifically view only SSH connections, the '-u' option can be added to the command. This will display only active SSH connections with the corresponding user information.
who -u
If you have identified an inactive or idle SSH connection and want to terminate it manually, there are several commands that you can use to do so. These commands specifically target the processes associated with the SSH connection, allowing you to end them without affecting any other processes on your system.
Using the 'kill' command to terminate a specific session ID
The 'kill' command is used to send a signal to a particular process (or multiple processes) in order to terminate them. When it comes to disconnecting an inactive or idle SSH connection, you can use 'kill' with the session ID associated with that particular connection.
To determine the session ID of an inactive or idle SSH connection, you can use any of the methods mentioned in section two of this article. Once you have determined the session ID, simply run the following command −
kill [sessionID]
This will immediately terminate that specific SSH connection and log out any user associated with it.
Using the 'pkill' command to kill all processes associated with a specific user
If you want to disconnect all inactive or idle SSH connections for a particular user at once, then you can use the 'pkill' command. This command sends a signal not only to a specific process but also kills all other related processes as well. To terminate all connections for one particular user, run this command −
pkill -U [username]
This will send signals and end all ssh connections opened by [username].
Using the 'skill' command to send a signal to terminate specific processes
Sometimes using kill or pkill methods may terminate other associated processes also with an active session. It is not always easy to determine which of these processes are associated with the active SSH connection, so you can use the 'skill' command instead. The 'skill' command allows you to target specific processes by name, user or group.
You can use it to send a signal that will terminate any process that matches a particular pattern. To kill a particular ssh session run this command −
skill -KILL -u [username] --tty=[terminal]
This will send a signal to end all ssh connections opened by [username] on the specified terminal. The skill command could terminate additional processes also running in the terminal.
Symptoms In some scenarios, the following validation warning appears on an updatable object: " Object is no longer supported. Enforci...