Re: determining when root was logged in

From: Vipin Khushu (vkhushu_at_GUERNSEYOP.COM)
Date: 10/24/03

  • Next message: Sue Pellerito: "Re: determining when root was logged in" 
    Date:         Fri, 24 Oct 2003 17:44:07 -0400
To: aix-l@Princeton.EDU

    Bruce,

    You're right - ugo permissions are set to allow anyone to read write. I
    don't have any proof that root modified this file, just that since this is a
    sensitive file in our environment my hunch is that only someone with root
    permissions would have touched this file.

    I don't know of a way to rule anyone in or out at this time based on the
    amount of information I have at hand.

    thanks

    -----Original Message-----
    From: Bruce Zimmer [mailto:b.r.zimmer@WORLDNET.ATT.NET]
    Sent: Friday, October 24, 2003 4:47 PM
    To: aix-l@Princeton.EDU
    Subject: Re: determining when root was logged in

    From what I see, those files are writeable by any one. Why do you feel
    that it must have been root or a member of sys that changed the file?

    Bruce Zimmer
    Central Data Systems
    (248) 615-4644 (direct)
    (248) 320-1175 (cell)
    bzimmer@centraldata.com

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Vipin Khushu
    Sent: Friday, October 24, 2003 3:59 PM
    To: aix-l@Princeton.EDU
    Subject: Re: determining when root was logged in

    Thanks Mark / Bill.

    However, this gets curiouser and curiouser.

    The last root command shows that the last time root logged into the
    system
    was back on sep 09.

    However, we are sure that this file was modified yesterday.

    Is there a way to determine who modified this file?

    Vipin

    -----Original Message-----
    From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
    Sent: Friday, October 24, 2003 1:49 PM
    To: aix-l@Princeton.EDU
    Subject: Re: determining when root was logged in

    last|more
    /etc/passwd and /etc/group
    --------------------------------------------------------

    "If everything is coming your way, then you are in the wrong lane"

    Bill Verzal
    AIX Administrator, Komatsu America
    (847) 970-3726 - direct
    (847) 970-4184 - fax

    |---------+---------------------------->
    | | Vipin Khushu |
    | | <vkhushu@GUERNSEY|
    | | OP.COM> |
    | | Sent by: IBM AIX |
    | | Discussion List |
    | | <aix-l@Princeton.|
    | | EDU> |
    | | |
    | | |
    | | 10/24/2003 12:03 |
    | | PM |
    | | Please respond to|
    | | IBM AIX |
    | | Discussion List |
    | | |
    |---------+---------------------------->

    >----------------------------------------------------------------------- 

    ----
----------------------------------------------------|
  |
|
  |       To:       aix-l@Princeton.EDU
|
  |       cc:
|
  |       Subject:  determining when root was logged in
|
>-----------------------------------------------------------------------
----
----------------------------------------------------|
I need to pinpoint who was logged in as root yesterday when this file
was
modified. So I would like to know what time the person / process got
logged
in as root and from what terminal / IP address.
Also does anyone know where the list of users that are set up on the
system
are stored?
I need to show the users that are set up as part of the system group.
-rw-rw-rw- 1 root sys 26624 Oct 23 13:46 -dayend.cdx
-rw-rw-rw- 1 root sys 42844 Oct 23 13:46 -dayend.dbf
-rw-rw-rw- 1 root sys 10 Aug 02 10:03 -dayend.key
TIA
Vipin Khushu
  • Next message: Sue Pellerito: "Re: determining when root was logged in"

    Relevant Pages