The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.
COURSE of the MONTH
10 days, 16 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Title: how to know who clear the content of the DNS configuration file?
Posted on 2006-10-21
Would you please tell me how to know who change the content of some file in linux?
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
4 Comments
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.
in short: your best bet is to use a lie detector :)
in short: your best bet is to use a lie detector :)
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message. In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll
770 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.