Solved

Title: how to know who clear the content of the DNS configuration file?

Posted on 2006-10-21
4
212 Views
Last Modified: 2010-04-11
Would you please tell me how to know who change the content of some file in linux?
i install  dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
0
Comment
Question by:blackwolfvn82
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 17783543
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
       gnome-system-log - the GNOME System Log Viewer

SYNOPSIS
       gnome-system-log

       or select System Log from the System Tools submenu of the Applications menu.

DESCRIPTION
       GNOME System Log Viewer is a simple utility to display system log files.

AUTHOR
       The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.

       This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de>.

FILES
       /var/log/messages
              The system’s main logfile.

       /etc/syslog.conf
              Configuration file for syslogd.  See syslog.conf(5) for exact information.

SEE ALSO
       syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)


-rich
0
 
LVL 8

Expert Comment

by:jako
ID: 17789393
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
0
 
LVL 8

Expert Comment

by:jako
ID: 17789439
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.

in short: your best bet is to use a lie detector :)
0
 
LVL 8

Expert Comment

by:jako
ID: 17794551
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question