Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

Title: how to know who clear the content of the DNS configuration file?

Would you please tell me how to know who change the content of some file in linux?
i install  dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
0
blackwolfvn82
Asked:
blackwolfvn82
  • 3
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
       gnome-system-log - the GNOME System Log Viewer

SYNOPSIS
       gnome-system-log

       or select System Log from the System Tools submenu of the Applications menu.

DESCRIPTION
       GNOME System Log Viewer is a simple utility to display system log files.

AUTHOR
       The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.

       This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de>.

FILES
       /var/log/messages
              The system’s main logfile.

       /etc/syslog.conf
              Configuration file for syslogd.  See syslog.conf(5) for exact information.

SEE ALSO
       syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)


-rich
0
 
jakosysadminCommented:
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
0
 
jakosysadminCommented:
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.

in short: your best bet is to use a lie detector :)
0
 
jakosysadminCommented:
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now