I have been unsuccessful in finding the right way to log out a user who did not log out from his session by using Google, although I have been searching for several hours. Maybe I was using the wrong search terms, or whatever. If I use who I see a user is still logged into my system; he is a legitimate user whose session might have been interrupted by a failure. I have googled around and only found the advice to use skill with the user, but that does not seem to work. Anyone have more specific instructions? (I haven't yet read the man page for skill, but is skill the solution or is there another command for this?)
You can remove them with the kill command. Example:
kill -9 PID
Where PID is the process ID of the lost session.
So you mean if the lost session was an SSH one, I should see a zombie process or maybe a running process of sshd belonging to this user?
Yes, you can try this. Make an SSH session for a user with e.g. PuTTY by logging in, then close PuTTY without logging out. When you log in as root and execute "ps -aux" you will see the old SSH session in the process list. But normally it is not necessary to kill them manually, as SSH will kill lost sessions after some time.
You should see something like this:
Code:
root 2481 0.0 1.0 14452 2040 ? Ss 12:52 0:00 sshd: root@pts/1
root 2484 0.0 0.8 2980 1624 pts/1 Ss 12:52 0:00 -bash
The first line is for a user logged in as root over SSH, the second one is working directly on the system. To kill the first process run
Code:
kill -9 2481
to kill the second:
Code:
kill -9 2484
Strange: so falko is logged on, right? Seems to be right. It should show me a process of falko here, right? But it doesn't. This seems to be my own personal ghost in the machine.
Hi, you are logged in as root? Then you can try this: ps -aux | grep 'pts/2' If you don't get any valid output, I recommend calling for a Ghostbuster. Or, in case of a server, rootkit-hunter: http://www.rootkit.nl
Why don't you simply run Code: ps aux as root and have a look at all running processes instead of messing around with grep?
Well, a ps aux does not show a process related to falko either... Might be an error of who; I have to study this further using Google. You see, I was just wondering, because after installing hotsanic I realized I constantly had one logged-in user, so I found who and wondered how to kick this one user... Strange. I have to look up how who finds out who is logged in; maybe it uses cached data or whatever.
Have you installed and run rkhunter as I suggested above? If you don't see all logged-in users with ps -aux, a rootkit might be installed on your system!
Yes, I installed, updated and ran rkhunter. It found nothing suspicious and I doubt it will. This seems to be something else. I am on the road this week so I can't do much, except check quickly for mails. I'll be back at this post next week.
Hi there, I know I'm 3 years late with that post, but I almost fell off my chair... http://thewinningmove.blogspot.com/2008/05/bash-kick-quick-way-to-get-rid-of.html LOL 0xA
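On the question above of how who finds out who is logged in: it reads the utmp login records (typically /var/run/utmp) rather than the process table, so a record can outlive a session that ended without a clean logout. The following check is an added example, not code from any poster in this thread; the function name stale_sessions and the sample data (dates, addresses) are constructed for illustration. It lists who entries whose terminal has no process attached.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check who(1) entries against
# the terminals that actually have processes attached.

# stale_sessions WHO_TEXT PS_TTYS
#   WHO_TEXT: output of `who`
#   PS_TTYS:  one controlling terminal per line, as printed by `ps -eo tty=`
# Prints "user tty" for each who entry with no process on that terminal.
stale_sessions() {
    who_text=$1
    ps_ttys=$2
    printf '%s\n' "$who_text" | while read -r user tty _rest; do
        [ -n "$user" ] || continue              # skip blank lines
        # -x: whole-line match, -F: treat the tty name as a fixed string
        if ! printf '%s\n' "$ps_ttys" | grep -qxF "$tty"; then
            printf '%s %s\n' "$user" "$tty"
        fi
    done
}

# Constructed sample input modelled on the thread: root has a live shell
# on pts/1, falko is listed on pts/2 but owns no process there.
SAMPLE_WHO='root     pts/1        2008-05-12 12:52 (192.0.2.10)
falko    pts/2        2008-05-12 09:14 (192.0.2.20)'

# "?" is what ps prints for processes without a controlling terminal.
SAMPLE_PS='?
pts/1
pts/1'

stale_sessions "$SAMPLE_WHO" "$SAMPLE_PS"

# On a live system, run as root so every user's processes are visible:
#   stale_sessions "$(who)" "$(ps -eo tty= | tr -d ' ')"
```

An entry reported here has nothing left to kill; it is a leftover login record, which is why neither ps nor kill finds a matching process.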