MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.
Solved
Title: how to know who clear the content of the DNS configuration file?
Posted on 2006-10-21
Would you please tell me how to know who change the content of some file in linux?
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
4 Comments
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
Active 7 days ago
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
Active 7 days ago
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.
in short: your best bet is to use a lie detector :)
in short: your best bet is to use a lie detector :)
Active 7 days ago
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
What we learned in Webroot's webinar on multi-vector protection.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message. In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
- Document Management
- Printers and Scanners
- Document Imaging
- Software-Other
- Images and Photos
- Adobe Acrobat, Photos / Graphics Software, Security, OCR, *PDF
Suggested Courses
Course of the Month8 days, 9 hours left to enroll
597 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.