It’s now easier to see whether or not your account has been compromised.
As part of our ongoing work to enhance the security of the computing infrastructure within the School of Informatics we have developed a new web interface which allows users to review their recent login activity. The site is accessible at: https://cabin.inf.ed.ac.uk/authview/
This web interface allows users to review their logins made to DICE systems using the Secure Shell (SSH) and any access to Cosign protected web services. The intention is that we will extend this to also cover other methods used to remotely access our systems (e.g. openvpn).
You are a much better judge of what constitutes unusual login activity than we ever could be so we hope that you will take the opportunity to review this information regularly. In particular look for sources you do not recognise: the country of origin is not always guaranteed to reflect your real location but it is a very good guide. The times of day should also be checked: a login at 4am, when you’re normally sound asleep, is likely to be a problem unless you were at a conference in Australia!
In June we will begin sending out monthly emails which summarise all login activity from remote sites for the previous month. In the web interface the access from remote sites is highlighted as a guide as to which entries are most in need of review. If you believe there has been any unauthorised use of your account please contact the Computing Support Team via the usual support form
The information presented is based on data collected from the system log files. This data is stored for 120 days on our central log host. This data is stored securely and is only accessible to the Computing Team. At the end of the retention period some data is retained in an anonymised form so that we can calculate long-term statistics.