Re: determining when root was logged in

From: Bruce Zimmer (b.r.zimmer@WORLDNET.ATT.NET)
Date: Fri Oct 24 2003 - 16:47:12 EDT

• Next message: Ferenc Gyurcsan: "Re: AIX Migration to 5L and HACMP"
• Previous message: Bill Verzal: "Re: determining when root was logged in"
• Maybe in reply to: Vipin Khushu: "determining when root was logged in"
• Next in thread: Vipin Khushu: "Re: determining when root was logged in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>From what I see, those files are writeable by any one. Why do you feel
that it must have been root or a member of sys that changed the file?

Bruce Zimmer
Central Data Systems
(248) 615-4644 (direct)
(248) 320-1175 (cell)
bzimmer@centraldata.com

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Vipin Khushu
Sent: Friday, October 24, 2003 3:59 PM
To: aix-l@Princeton.EDU
Subject: Re: determining when root was logged in

Thanks Mark / Bill.

However, this gets curiouser and curiouser.

The last root command shows that the last time root logged into the
system
was back on sep 09.

However, we are sure that this file was modified yesterday.

Is there a way to determine who modified this file?

Vipin

-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Friday, October 24, 2003 1:49 PM
To: aix-l@Princeton.EDU
Subject: Re: determining when root was logged in

last|more
/etc/passwd and /etc/group
--------------------------------------------------------

"If everything is coming your way, then you are in the wrong lane"

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

|---------+---------------------------->
| | Vipin Khushu |
| | <vkhushu@GUERNSEY|
| | OP.COM> |
| | Sent by: IBM AIX |
| | Discussion List |
| | <aix-l@Princeton.|
| | EDU> |
| | |
| | |
| | 10/24/2003 12:03 |
| | PM |
| | Please respond to|
| | IBM AIX |
| | Discussion List |
| | |
|---------+---------------------------->

>-----------------------------------------------------------------------

----
----------------------------------------------------|
  |
|
  |       To:       aix-l@Princeton.EDU
|
  |       cc:
|
  |       Subject:  determining when root was logged in
|
>-----------------------------------------------------------------------
----
----------------------------------------------------|
I need to pinpoint who was logged in as root yesterday when this file
was
modified. So I would like to know what time the person / process got
logged
in as root and from what terminal / IP address.
Also does anyone know where the list of users that are set up on the
system
are stored?
I need to show the users that are set up as part of the system group.
-rw-rw-rw- 1 root sys 26624 Oct 23 13:46 -dayend.cdx
-rw-rw-rw- 1 root sys 42844 Oct 23 13:46 -dayend.dbf
-rw-rw-rw- 1 root sys 10 Aug 02 10:03 -dayend.key
TIA
Vipin Khushu

• Next message: Ferenc Gyurcsan: "Re: AIX Migration to 5L and HACMP"
• Previous message: Bill Verzal: "Re: determining when root was logged in"
• Maybe in reply to: Vipin Khushu: "determining when root was logged in"
• Next in thread: Vipin Khushu: "Re: determining when root was logged in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:18 EDT