To find the IP address of the user who deleted files


 
# 1  
Old 12-20-2011

Hi,

There were a few files deleted from a server by user xyz.

The file names are:-

/oraextME4/oradata/ME11G22/TEST_IMPORT_01.dbf


/oraextME4/oradata/ME11G22/RKVITR1_03.dbf


/oraextME4/oradata/ME11G22/TEST_IMPORT_02.dbf

I need to know the IP address of the terminal from which that user logged in to delete those files.
Kindly help me out with this.
# 2  
Old 12-20-2011
The existence of an answer of course depends on what your system is. What is it?
# 3  
Old 12-20-2011
Enterprise Linux Enterprise Linux Server release 5.1 (Carthage)
# 4  
Old 12-20-2011
You can try to find the information you need in /var/log/audit/audit.log. Look for lines like:
Code:
type=USER_AUTH  msg=audit(1324310184.086:61300): ... msg='op=PAM:authentication acct="username" exe="/usr/sbin/sshd" hostname=1.2.3.4 ...

1324310184 in this case is the Unix timestamp of the event.
# 5  
Old 12-21-2011
Unfortunately the timestamp I was looking for was not found in the audit file. Please suggest an alternate solution.
# 6  
Old 12-21-2011
The timestamp denotes the moment when the user logged in, not when the files were deleted. Did you take that into account?
# 7  
Old 12-21-2011
Unfortunately the audit file contains entries which show login times for 8th September 2011 and this incident happened a week back, so we are unable to deduce anything from it.
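
Added example, not written by any poster in this thread: a Python parser for the USER_AUTH records described in post #4. It lists an account's successful logins in the window before the deletion (the point made in post #6) and refuses to answer when the log does not cover the incident time (the situation in post #7). The sample records, the addr/terminal/res fields, the addresses, the epoch values and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the format quoted in the thread (not real log data).
SAMPLE_LOG = """\
type=USER_AUTH msg=audit(1324300000.120:61290): user pid=4011 uid=0 msg='op=PAM:authentication acct="abc" exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=ssh res=success'
type=USER_AUTH msg=audit(1324310184.086:61300): user pid=4102 uid=0 msg='op=PAM:authentication acct="xyz" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=USER_AUTH msg=audit(1324311000.500:61320): user pid=4188 uid=0 msg='op=PAM:authentication acct="xyz" exe="/usr/sbin/sshd" hostname=192.0.2.44 addr=192.0.2.44 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1324320000.000:61400): user pid=4250 uid=0 msg='op=PAM:authentication acct="xyz" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
"""

STAMP = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")   # epoch seconds and event serial
FIELD = re.compile(r'(\w+)="?([^"\s,)\']+)"?')          # key=value or key="value"


def parse_auth_events(log_text):
    """Yield (epoch, fields) for every USER_AUTH record; skip anything unparsable."""
    for line in log_text.splitlines():
        stamp = STAMP.search(line)
        if not line.startswith("type=USER_AUTH") or not stamp:
            continue
        yield int(stamp.group(1)), dict(FIELD.findall(line))


def coverage(log_text):
    """Return (oldest, newest) epoch of any record, or None for an empty log."""
    stamps = [int(m.group(1)) for m in STAMP.finditer(log_text)]
    return (min(stamps), max(stamps)) if stamps else None


def logins_before(log_text, acct, incident_epoch, window_s=86400):
    """Successful logins of acct in the window_s seconds before the incident."""
    span = coverage(log_text)
    # A log whose records stop before (or start after) the incident proves nothing.
    if span is None or not span[0] <= incident_epoch <= span[1]:
        raise ValueError("log does not cover the incident time; check rotated logs")
    hits = []
    for epoch, f in parse_auth_events(log_text):
        if (f.get("acct") == acct and f.get("res") == "success"
                and incident_epoch - window_s <= epoch <= incident_epoch):
            when = datetime.fromtimestamp(epoch, timezone.utc).isoformat()
            hits.append((when, f.get("hostname", "?")))
    return hits
```

On a real host, pass the contents of /var/log/audit/audit.log (and any rotated copies, concatenated) as `log_text` and the deletion time as `incident_epoch`.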
 