[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Linux openSUSE 12 - Folder permissions change logs

Posted on 2014-02-23
7
Medium Priority
?
677 Views
Last Modified: 2014-03-05
We are running a Linux openSUSE 12 server for our file storage.
It is setup with groups for security permissions.
I found that one folder had the group changed and was open to all users.

Is there a log that I can see when the folder group was changed?
0
Comment
Question by:bax2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 13

Expert Comment

by:Sandy
ID: 39881814
You can check the login session logs to see who had logged in at that time, and apart from that if you have enhanced audit enabled in your system, that can be checked to find out the culprit.

TY/SA
0
 
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 501 total points
ID: 39881832
Yes, if you have audit installed and configured you might find something in /var/log/audit/audit.log ...
0
 

Author Comment

by:bax2000
ID: 39882085
Thanks for the update.
I am not that familiar to Linux but know some basics.
If I go to /var/log/audit/audit.log  it says the directory does not exist, so I take it that the auditing is not setup. Is that correct?

Where would I check to see it auditing is setup or to have it setup now?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 501 total points
ID: 39882092
Hi, following doc might set you on your way: http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.audit.comp.html also check out chapter 31.

Check all of /var/log to see if an audit.log is available ... Or check if /etc/audit/auditd.conf is available ...
0
 
LVL 5

Assisted Solution

by:Dave Gould
Dave Gould earned 249 total points
ID: 39882157
If you run the stat command to find the time that the metadata was changed for the file, it might help you pin down the exact time that the group was updated:

stat -c %z yourfile

with this information, checking the access logs might help you identify who was on at that time.
If you are root, you can even check the history files for the users that you suspect might have made the changes. If your users use bash (which is pretty much the norm nowdays), then you can check the .bash_history that can be founfd in their homedir.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39882167
@trappa01.. that will give the time of last change since Epoc... still he needs audit to be enabled.

TY/SA
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39882184
%z will give an actual timestamp of the last change time. %Z will give seconds since Epoc.
I agree its not much to go on but the original poster does not seem to have audit running so its a case of narrowing down as much as possible.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
What we learned in Webroot's webinar on multi-vector protection.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question