Solved

Title: how to know who clear the content of the DNS configuration file?

Posted on 2006-10-21
4
206 Views
Last Modified: 2010-04-11
Would you please tell me how to know who change the content of some file in linux?
i install  dns server on my computer and some one clear all content of my DNS configuration file.how to know who did that?
thanks so much
0
Comment
Question by:blackwolfvn82
  • 3
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
Comment Utility
You will have to review the log's, depending on your linux distribution you can try (open a terminal window in X, and type: gnome-system-log
to view the log through a GUI when X is started, or select System Log from the System Tools submenu of the Applications menu
NAME
       gnome-system-log - the GNOME System Log Viewer

SYNOPSIS
       gnome-system-log

       or select System Log from the System Tools submenu of the Applications menu.

DESCRIPTION
       GNOME System Log Viewer is a simple utility to display system log files.

AUTHOR
       The GNOME System Log Viewer was written by Cesar Miquel <miquel@df.uba.ar>.

       This manual page was written by Jochen Voss <voss@mathematik.uni-kl.de>.

FILES
       /var/log/messages
              The system’s main logfile.

       /etc/syslog.conf
              Configuration file for syslogd.  See syslog.conf(5) for exact information.

SEE ALSO
       syslogd(8), sysklogd(8), syslog.conf(5), syslogd-listfiles(8)


-rich
0
 
LVL 8

Expert Comment

by:jako
Comment Utility
you'll have to run stat on the file that was changed - from there you get an exact time on the last change.
using this time you can verify the wtmp logs and confirm the user. run "man stat" and "man utmp".
0
 
LVL 8

Expert Comment

by:jako
Comment Utility
btw: it is very possible that there were several users acting as root through "su -" command but there may have been users running "sudo" just as well. Take that into account when confronting people. They might have been the perpetrators and they might have not.

in short: your best bet is to use a lie detector :)
0
 
LVL 8

Expert Comment

by:jako
Comment Utility
What?! Depending on the distro, he might not even have the Gnome on his box. Furthermore, if one sets up a server, even X is rarely installed.
And how would the user know when the exact modification took place and who to blame when the /var/log/messages file does not indicate it ("su -" occurrences are not there). the gnome-system-log does not have the functionality to display the login accounting information like the command "last" does. I can't see how the accepted answer has given the user the solution he needed.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now