Linux: How to detect if a computer is being controlled through serial console

Question

How could I programmatically detect if a Linux machine is being controlled by a user that has logged in using a serial console? I would be doing the checking through BASH.

Answer 1

The who command will give you a list of users logged on and where they are logged on from.

For example:

~$ who
john    pts/1        2009-07-29 10:06 (ourcompanyvpnserver.org)
mary    tty7        2009-07-29 10:11 (:0)
frank    pts/2        2009-07-27 12:10 (att.net)
jim    pts/4        2009-07-28 14:51 (comcast.net)

The output of who indicates "how" the users are logged in. User mary's console is hooked into tty7 The tty indicates that mary is logged in physically via a serial console. So mary has the ability to control the computer through the serial console.

In order to determine what she is doing you would need to look at her.bash_history file. Usually this is under /home/mary/.bash_history .

If you want to long term log all commands that come in over a serial console (aka keyboard attached to that machine), I would modify the linux serial driver to log all input and output. I do not know how hard that would be.

Answer 2

Try parsing finger. You can usually pick up IP/DNS addresses. Havn't ever seen a serial connection, so I couldn't say if it displays a serial connection or not.

Answer 3

You can use who from the command line.

Answer 4

If you want to check it in a local computer...

$ who >> log.txt

And checking if there's any extra line in that file, or whatever you want.

Answer 5

In case you mean to check if your script runs on a terminal via a serial interface, you can just execute tty and check the device name.