I am curious to look for culprit who and how made changes in my passwd and shadow file under path /etc and i got my root id corrupted /renamed.
somehow i got it recovered..but now need to check for culprit
Please advise where i need to check for such logs for changes done on passwd and shadow files
On ESX 3.5 ?
On Esxi 4.1 ?
On Esxi 5.5 ?
and by default what is the date n time limit for old log files on host i can check ?