?
Solved

which IP

Posted on 2014-02-12
7
Medium Priority
?
290 Views
Last Modified: 2014-02-16
Dear Experts,

Is it possible to know which IP address modified a script file in Solaris?

Thanks,
0
Comment
Question by:oamal2001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39852894
Files are modified by users, not IP addresses.

In case you have logging enabled that shows you when a user logged on from which IP address then you could match the time stamp of the file to that of the logon time.

But if you have multiple logons at the same with the same user-id (functional use) then this will be impossible.
0
 
LVL 8

Accepted Solution

by:
Pepe2323 earned 2000 total points
ID: 39854088
That can be a real challenge, all depends of how many user access to your server

if i ware you i will try first check when this script was changed

ls -lc or ls -ltr filename -- you will get the date and time of the last change of that filename

you will need to try to match that time with user connected at that time

last  command can help you but if you have many connections at that time well, this will be difficult

My guess is that script only a few persons have rights to modify it i guess  -- example if its a  script that only root can modify then means not all user have root account ( i hope so )

i hope remote access to the server with root account is not allowed

You policies on that server can make this research  more simple or something impossible.

Regards.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39862407
@oamal2001 - Can you elaborate on how the solution you've selected solves your question?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 

Author Comment

by:oamal2001
ID: 39862417
I checked when the file last modified , checked who were logged in at that time and matched that time with user connected at that time
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39862422
@oamal2001 - Ok, so you got an answer to which user modified the file. That is an answer to a different question (Who modified ... instead of Which IP modified ...), I suggest that you have this question deleted.
0
 

Author Comment

by:oamal2001
ID: 39862427
You are right I needed from the beginning the IP address , but it happen that modification of the file were on a time only one user logged to the system and because I'm not familiar with UNIX administration I did not think about the time of modification.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39862682
Ok, you've got your answer in the end, I'll just make sure this question is removed from search results. Thanks.
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question