Solved

Title: how to know who clear the content of the DNS configuration file?

Posted on 2006-10-21
4
210 Views
Last Modified: 2010-04-11
Would you please tell me how to know who change the content of some file in linux?
i install  dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
0
Comment
Question by:blackwolfvn82
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 17783543
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
       gnome-system-log - the GNOME System Log Viewer

SYNOPSIS
       gnome-system-log

       or select System Log from the System Tools submenu of the Applications menu.

DESCRIPTION
       GNOME System Log Viewer is a simple utility to display system log files.

AUTHOR
       The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.

       This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de>.

FILES
       /var/log/messages
              The system’s main logfile.

       /etc/syslog.conf
              Configuration file for syslogd.  See syslog.conf(5) for exact information.

SEE ALSO
       syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)


-rich
0
 
LVL 8

Expert Comment

by:jako
ID: 17789393
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
0
 
LVL 8

Expert Comment

by:jako
ID: 17789439
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.

in short: your best bet is to use a lie detector :)
0
 
LVL 8

Expert Comment

by:jako
ID: 17794551
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 Email server black listed 14 90
rajdeep0081@hotmail.com 3 104
Well known ports and optimal ports scanning range 12 100
Fraud Email 11 42
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question