Title: how to know who clear the content of the DNS configuration file?
Would you please tell me how to know who change the content of some file in linux?
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
i install dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
gnome-system-log - the GNOME System Log Viewer
SYNOPSIS
gnome-system-log
or select System Log from the System Tools submenu of the Applications menu.
DESCRIPTION
GNOME System Log Viewer is a simple utility to display system log files.
AUTHOR
The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.
This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de
FILES
/var/log/messages
The system’s main logfile.
/etc/syslog.conf
Configuration file for syslogd. See syslog.conf(5) for exact information.
SEE ALSO
syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)
-rich
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.
in short: your best bet is to use a lie detector :)
in short: your best bet is to use a lie detector :)
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial