Security Basics mailing list archives
RE: Remotely check login status
From: "Jeremi Gosney" <Jeremi.Gosney () motricity com>
Date: Wed, 21 Jan 2009 12:02:33 -0800
I guess it depends on your organization, but your administrator(s) should have privileges on your system. Either way, if your organization uses any sort of SSO like LDAP or AD then anyone should be able to do what you're asking. If you have a Linux system you probably authenticate through LDAP, which means unless you have otherwise denied them access anyone on the domain can authenticate to your system and run 'who', 'w', or 'last'. Even if you have explicitly denied all users but yourself access to your system through PAM, the root LDAP user will still have access to your system. If you have a Windows system, anyone on the domain will be able to use a tool like 'psloggedon' to see if you're logged in. In fact, nearly all of the Sysinternals PsTools should work for an unprivileged user with the exception of maybe psexec, psshutdown, and pssuspend, which means that anyone in the office should be able to not only see that you're logged in, but what processes are running, what services are started, and view the event log on your machine. Of course, if you are bringing a laptop to work every day then all someone has to do to see if you're in the office is ping your laptop :) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Christian Eibl Sent: Wednesday, January 21, 2009 2:39 AM To: security-basics () securityfocus com Subject: Re: Remotely check login status Hi all, thank you for your suggestions on this topic. Maybe I can re-formulate the problem I was thinking about: I thought about possibilities to check whether a user is currently logged onto a system that cannot be directly accessed by the controller himself. This means, assuming I am allowed to configure my office computer just as I like, e.g., using Linux while all other boxes run Windows or similar. Has anyone on the network, e.g., the admin or my boss, any possibility to check whether I am already (or still) in my office? Again, the other way round would be interesting as well, so Windows on remote machines is also to be considered. Don't get me wrong, I would be glad if this cannot be done, but I am curious about this issue and have no further idea... The already mentioned tools all seem to depend on access privileges to the remote computer which cannot be assumed here. Does anybody also know how to check login status in such a scenario? The mentioned tools do not seem to work correctly with this. Thanks a lot. Regards, Christian
Current thread:
- Remotely check login status Christian Eibl (Jan 19)
- Re: Remotely check login status Francesc Vila (Jan 19)
- RE: Remotely check login status Jason Hurst (Jan 20)
- RE: Remotely check login status Chadha, Sachin (Jan 20)
- RE: Remotely check login status Jason Hurst (Jan 20)
- Re: Remotely check login status Meta Junkie (Jan 19)
- Re: Remotely check login status Salvador III Manaois (Jan 20)
- Re: Remotely check login status Nikhil Wagholikar (Jan 20)
- RE: Remotely check login status Dan Denton (Jan 20)
- Re: Remotely check login status Christian Eibl (Jan 21)
- RE: Remotely check login status Jeremi Gosney (Jan 21)
- <Possible follow-ups>
- Re: Remotely check login status chmod177 (Jan 21)
- Re: Remotely check login status Francesc Vila (Jan 19)