Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to know who has deleted the file.
Top Forums UNIX for Dummies Questions & Answers how to know who has deleted the file. Post 302267719 by Lazydog on Saturday 13th of December 2008 03:06:21 PM
Old 12-13-2008
If you are using Linux you should be able to use the AUDIT program.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

retrieving a deleted file

hi!, is there any way to retrieve a file that I have deleted few minutes back?? I am using Solaris- 5.6.. :rolleyes: (2 Replies)
Discussion started by: jyotipg
2 Replies

2. Linux

how can i restore a deleted file

I am a relatively new linux user.would like to know how to undo a deleted file (2 Replies)
Discussion started by: wojtyla
2 Replies

3. Solaris

File deleted bymistake

Bymistake I deleted a file and there is no backup.Is there anyway to get that file. (1 Reply)
Discussion started by: csreenivas
1 Replies

4. Solaris

/etc/passwd file been deleted

Hi Folks , Would be grateful if someone could help me out in one of the question that came to my mind . If the /etc/passwd file has been deleted and the system has been rebooted . Then i dont think that any user would be able to login and the system will be useless . Whats the best solution for... (5 Replies)
Discussion started by: gera_sachin125
5 Replies

5. Shell Programming and Scripting

Lock a file from being deleted?

Hi In my script, users have the option to delete files from a directory, however, I don't want them to be able to delete the automatically generated log file. Is there anyway to lock a file from being deleted? Note: The file can't be read only as it has to be written to quite frequently. ... (3 Replies)
Discussion started by: Darren Taylor
3 Replies

6. Shell Programming and Scripting

restore deleted file

I accidently deleted the files from linux machine. How to restore back the files. (1 Reply)
Discussion started by: sandy1028
1 Replies

7. Solaris

Retrieve deleted file

hi there, Is there any way to retrive the deleted files from solaris, we are using solaris 10 and the file seems delete when it is opened. I search over by Google but no good result... tnx :-) (4 Replies)
Discussion started by: dagigg
4 Replies

8. UNIX for Dummies Questions & Answers

deleted a swap file

I attempted to delete a swap file (rm .<filename>.swp). Now the system is trying to delete one file that doesn't exist anymore and the file is adding a number in increments to the name of the file it is attempting to delete (filename1.csv, filename2.csv) The log says the filename1.csv does... (0 Replies)
Discussion started by: student21
0 Replies

9. UNIX for Dummies Questions & Answers

How to recover deleted file?

Hi All By mistake i have deleted some file in a directory, is there any way to get it back in Unix( i am using sh ) (2 Replies)
Discussion started by: parthmittal2007
2 Replies

10. UNIX for Dummies Questions & Answers

Restoring deleted file with rm -rf

Is there a way I could recover a deleted text file with "rm -rf" command. Running CentOS 6.5. Thank you. (5 Replies)
Discussion started by: galford
5 Replies

LEARN ABOUT MOJAVE

audit

AUDIT(8)						    BSD System Manager's Manual 						  AUDIT(8)

NAME

     audit -- audit management utility

SYNOPSIS

     audit -e | -i | -n | -s | -t

DESCRIPTION

     The audit utility controls the state of the audit system.	One of the following flags is required as an argument to audit:

     -e      Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file
	     without doing a log rotation.

     -i      Initializes and starts auditing.  This option is currently for Mac OS X only and requires auditd(8) to be configured to run under
	     launchd(8).

     -n      Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit con-
	     trol file.  Also, audit log files that meet the expiration criteria specified in the audit control file will be removed.

     -s      Specifies that the audit system should [re]synchronize its configuration from the audit control file.  A new log file will be cre-
	     ated. The attributable flags parameter from the audit_control(5) configuration file is set at login time and is not synchronized with
	     this flag.

     -t      Specifies that the audit system should terminate.	Log files are closed and renamed to indicate the time of the shutdown.

NOTES

     The auditd(8) daemon must already be running.  Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only).  The
     audit utility requires audit administrator privileges for successful operation.

FILES

     /etc/security/audit_control  Audit policy file used to configure the auditing system.

SEE ALSO

     audit(4), audit_control(5), auditd(8), launchd(8)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD
								 January 29, 2009							       BSD
All times are GMT -4. The time now is 03:46 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy