Solved

Title: how to know who clear the content of the DNS configuration file?

Posted on 2006-10-21
4
208 Views
Last Modified: 2010-04-11
Would you please tell me how to know who change the content of some file in linux?
i install  dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
0
Comment
Question by:blackwolfvn82
  • 3
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 17783543
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
       gnome-system-log - the GNOME System Log Viewer

SYNOPSIS
       gnome-system-log

       or select System Log from the System Tools submenu of the Applications menu.

DESCRIPTION
       GNOME System Log Viewer is a simple utility to display system log files.

AUTHOR
       The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.

       This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de>.

FILES
       /var/log/messages
              The system’s main logfile.

       /etc/syslog.conf
              Configuration file for syslogd.  See syslog.conf(5) for exact information.

SEE ALSO
       syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)


-rich
0
 
LVL 8

Expert Comment

by:jako
ID: 17789393
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
0
 
LVL 8

Expert Comment

by:jako
ID: 17789439
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.

in short: your best bet is to use a lie detector :)
0
 
LVL 8

Expert Comment

by:jako
ID: 17794551
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now