08-12-2014
This signal would have to have come from either:-
- A superuser account
- The account owning/running the process
- The process itself
- A user account that can get elevated privileges (e.g. with sudo or running a SUID code)
Does that narrow your targets down?
If it's a historical thing, then you can't find it, unless the process dumped memory and it's buried in there, but even so you might have trouble identifying who actually did it.
For
sudo usage, these are normally logged by the syslog daemon, do if you know the event time, perhaps you can work through that too.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I should know this, but do K scripts in the /etc/rc?.d directories get run in numerically ascending or descending order? By default there are none in rc3.d. Is it OK to put 2 in there, and will they be run first (which is my goal).
Thanks,
Chuck (1 Reply)
Discussion started by: 98_1LE
1 Replies
2. UNIX for Dummies Questions & Answers
Hello everyone
I am using HP Ux and had run a find command. Now I am trying to kill it with kill or kill -9 but it is not getting killed and still running. Any clues ?
Thanks
Sidhu (5 Replies)
Discussion started by: Amardeep
5 Replies
3. UNIX for Advanced & Expert Users
Any idea how to kill threads (not processes) in solaris?
I had checked the man pages for both kill and pkill to no avail. (9 Replies)
Discussion started by: izy100
9 Replies
4. AIX
Hi!
We are using AIX 5.3.
Can anyone please guide me to find out all the running processes for a specific user, say ' admin' and also kill them by force.
Thanks!
atech (9 Replies)
Discussion started by: atechcorp
9 Replies
5. Shell Programming and Scripting
Hi,
How can i find the types of files in some directory(~/mydir) that start with word "fix" then followed by number 3, 4, 7 or 8 and end with .ccp or .in
How can i find the total number of files that are larger than 5000 bytes in specific directory?, I can do it by current directory by using ... (4 Replies)
Discussion started by: kim1980
4 Replies
6. Shell Programming and Scripting
hi,
Am a newbie to unix and wasnt able to write script to my requirement.
I need a shell script, which should find a process by name and kill it. For eg: let the process name be "abc". I have different processes running by this name(abc), so should kill them all.
Condition would be: if... (7 Replies)
Discussion started by: fop4658
7 Replies
7. Shell Programming and Scripting
hi guys
i had written a shell script Display Information of all the File Systems
i want to find the pid and kill the process after few minutes.how can i obtain the pid and kill it???
sample.sh
df -a >> /tmp/size.log
and my cron to execute every minute every hour every day
* *... (5 Replies)
Discussion started by: azherkn3
5 Replies
8. HP-UX
Hello Guys,
Someone or, some tool has killed the application process with signal 9 (kill -9) . How to track that in HP-UX?
On AIX we can use light-weight tool called ProbeVue to track it but not sure how to do it on HP-UX. Appreciate your help.
Kelly
Closed because this is... (0 Replies)
Discussion started by: aixusrsys
0 Replies
9. Linux
#!/bin/bash
#This shell finds the pid of the hawkagent and kills and restarts to put the rulebase into effect
output=`ps aux|grep hawkagent`
#The set -- below helps to parse the above ps output into words and $2 gives the 2nd word which is pid
set -- $output
pid=$2
#Checks if pid of hawkagent... (12 Replies)
Discussion started by: samrat dutta
12 Replies
10. UNIX for Beginners Questions & Answers
the task is grant user1 to kill another (for example user2) process. My steps:
by root:
usermod -P "Process Management" user1
login user1
user1@server (~) pfexec kill <PID>
the result is:
ksh: <PID>: not found
or user1@server (~) pfexec pkill <PID>
the result: nothing happens, still... (0 Replies)
Discussion started by: dsyberia
0 Replies
LEARN ABOUT LINUX
pam_loginuid
PAM_LOGINUID(8) Linux-PAM Manual PAM_LOGINUID(8)
NAME
pam_loginuid - Record user's login uid to the process attribute
SYNOPSIS
pam_loginuid.so [require_auditd]
DESCRIPTION
The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to
be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There
are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the
purpose by changing the loginuid to the account they just switched to.
OPTIONS
require_auditd
This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running.
MODULE TYPES PROVIDED
Only the session module type is provided.
RETURN VALUES
PAM_SESSION_ERR
An error occurred during session management.
EXAMPLES
#%PAM-1.0
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
SEE ALSO
pam.conf(5), pam.d(5), pam(7), auditctl(8), auditd(8)
AUTHOR
pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>
Linux-PAM Manual 06/04/2011 PAM_LOGINUID(8)