which IP

Dear Experts,

Is it possible to know which IP address modified a script file in Solaris?

Thanks,
oamal2001Asked:
Who is Participating?
 
Pepe2323Connect With a Mentor Commented:
That can be a real challenge, all depends of how many user access to your server

if i ware you i will try first check when this script was changed

ls -lc or ls -ltr filename -- you will get the date and time of the last change of that filename

you will need to try to match that time with user connected at that time

last  command can help you but if you have many connections at that time well, this will be difficult

My guess is that script only a few persons have rights to modify it i guess  -- example if its a  script that only root can modify then means not all user have root account ( i hope so )

i hope remote access to the server with root account is not allowed

You policies on that server can make this research  more simple or something impossible.

Regards.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
Files are modified by users, not IP addresses.

In case you have logging enabled that shows you when a user logged on from which IP address then you could match the time stamp of the file to that of the logon time.

But if you have multiple logons at the same with the same user-id (functional use) then this will be impossible.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
@oamal2001 - Can you elaborate on how the solution you've selected solves your question?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
oamal2001Author Commented:
I checked when the file last modified , checked who were logged in at that time and matched that time with user connected at that time
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
@oamal2001 - Ok, so you got an answer to which user modified the file. That is an answer to a different question (Who modified ... instead of Which IP modified ...), I suggest that you have this question deleted.
0
 
oamal2001Author Commented:
You are right I needed from the beginning the IP address , but it happen that modification of the file were on a time only one user logged to the system and because I'm not familiar with UNIX administration I did not think about the time of modification.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
Ok, you've got your answer in the end, I'll just make sure this question is removed from search results. Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.