Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.
Course Of The Month
2 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Title: how to know who clear the content of the DNS configuration file?
Posted on 2006-10-21
Would you please tell me how to know who change the content of some file in linux?
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
4 Comments
Active 6 days ago
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.
in short: your best bet is to use a lie detector :)
in short: your best bet is to use a lie detector :)
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed.
Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email
Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month2 days, 15 hours left to enroll
Earn Certification
Cisco CCNP Security: SIMOS
$197.00$177.30
Earn Certification
Cisco CCNA Security: IINS v3.0
$197.00$177.30
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.