There is NO smoking gun in UNIX without auditing. Period. Frank gave you a way to guess. Guess means just that - take a stab based on circumstantial evidence.
Step 1:
This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.
Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?
Try:
This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.
Last edited by jim mcnamara; 01-26-2012 at 11:10 PM..
This User Gave Thanks to jim mcnamara For This Post:
I am unable to backup file on my tape drive
# mt -f /dev/st0 status
SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x25 (DDS-3).
Soft error count since last status=0
General status bits on (45010000):
BOT WR_PROT ONLINE IM_REP_EN
#... (6 Replies)
Hello Guruz,
Relay bad condition :mad:
Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin
Hence I am so many system related errors as 1 show below.
When I am trying to change the password, I am getting... (5 Replies)
I am trying to FTP files from windows to UNIX (IBM AIX). After having sent the files to unix server. Permisssion of the files becomes 640 (rw-r-----). I have to manually login to unix and do chmod 644 on the folder to give it permission. Is it possible that the files automaically be set to 644 on... (2 Replies)
I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays:
-bash: uname: command not found
-bash: cut: command not found
-bash: uname: command not found
-bash: cut: command not found... (6 Replies)
As I understand the file permissions in UNIX is basically
Owner, group, others
Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file...
scott@unix-host> echo "this is a test" > test.dat
scott@unix-host> chmod 640... (4 Replies)
HI all,
We had created new user using the command useradd -d /home/selva -s /usr/local/bin/bash selva. But it didnt created the home directory on /home. So i manually created, copied skel files manually and changed the owner from root to selva. At the same time i observed that so many files... (6 Replies)
Friends,
I've tried to modify the syslogs permission by using the perm option in the syslog configuration in AIX 6.1 TL 05. But its not getting applied after the configuration. Have restarted the syslog service also.
Need your help!:wall:
The below are the conf details and os versions
>... (1 Reply)
Hi All,
I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :(
which have similar names ( /var in root and var of some other directory ).:confused:
Can some one suggest me with the... (1 Reply)
Hello everybody,
I have many mount points on my virtual Redhat server, two of them lost their (write) permission, so they became read-only filesystems.
I fixed this problem.
But I want to know why it happened? What is the reason behind that to avoid it again? Where can I find related logs?... (2 Replies)
Discussion started by: Mohannad
2 Replies
LEARN ABOUT REDHAT
rusers
RUSERS(1) BSD General Commands Manual RUSERS(1)NAME
rusers -- who is logged in to machines on local network
SYNOPSIS
rusers [-al] [host ...]
DESCRIPTION
The rusers command produces output similar to who, but for the list of hosts or all machines on the local network. For each host responding
to the rusers query, the hostname with the names of the users currently logged on is printed on each line. The rusers command will wait for
one minute to catch late responders.
The following options are available:
-a Print all machines responding even if no one is currently logged in.
-l Print a long format listing. This includes the user name, host name, tty that the user is logged in to, the date and time the user
logged in, the amount of time since the user typed on the keyboard, and the remote host they logged in from (if applicable).
DIAGNOSTICS
rusers: RPC: Program not registered
The rpc.rusersd(8) daemon has not been started on the remote host.
rusers: RPC: Timed out
A communication error occurred. Either the network is excessively congested, or the rpc.rusersd(8) daemon has terminated on the
remote host.
rusers: RPC: Port mapper failure - RPC: Timed out
The remote host is not running the portmapper (see portmap(8) ), and cannot accomodate any RPC-based services. The host may be down.
SEE ALSO rwho(1)users(1), who(1), portmap(8), rpc.rusersd(8)HISTORY
The rusers command appeared in SunOS.
BUGS
The sorting options are not implemented.
Linux NetKit (0.17) August 15, 1999 Linux NetKit (0.17)