dina78
asked on
Track user activity on UNIX
Hello experts,
i have a user that deleted work files saved on a shared folder on our system.
is there any way to access a log the provided information that would prove that they deleted these files?
i have a user that deleted work files saved on a shared folder on our system.
is there any way to access a log the provided information that would prove that they deleted these files?
if you have auditing enabled, you can probably find the exact details in there...
but, how it's configured would depend on which os flavor you're using.
but, how it's configured would depend on which os flavor you're using.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the user is using ksh or bash then you could look at commands history in their home dir:
kash: ~/.sh_history
bash: ~/.bash_history