Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Title: how to know who clear the content of the DNS configuration file?
Would you please tell me how to know who change the content of some file in linux?
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
Asked:
3
1 Solution
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.
in short: your best bet is to use a lie detector :)
in short: your best bet is to use a lie detector :)
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich