How to find - Log in/out information solaris & ......(most Urgent)
Hi
We can get information from
"/var/adm"
cat sulog
whoever logged in as root and used su - <username>
Now I want to know:
1. All the users who ever logged in / out; that information is required.
2. Whoever used "rm"
(deleted file - is it possible to find when it was removed?)
(is it possible to recover it?)
Cheers...
Thamarai
mkthamaraiselvan@yahoo.com
[499 byte] By [Thamaraia] at [2007-11-27 5:53:45]

# 2
> Hi
>
> we can get information from
>"/var/adm"
> cat sulog
>
>who ever logged in root and used su - <username>
> now i want to know that
> 1. all the user who ever logged in / out those
> information required.
>
> 2. who ever used "rm"
> (deleted file - is it possible to find when it
> removed ?)
>(is it possible to recover it ?)
> Cheers...
>
> Thamarai
>
> mkthamaraiselvan@yahoo.com
last -a will show you the login details of the system.
Try man last for more information.
For auditing of all the rm commands issued on the system, I have no idea about it, doubt not possible nor feasible on the system. For retrieval, you can try to check the trash bin and, well, hope it's there, else hope you have a backup copy.
Ciaoz ..
# 3
The file /var/adm/sulog keeps a record of who used 'su' and who they 'su'-ed to.
Recording 'rm' is a bit more tricky; I suppose that you could do that with auditing, or possibly dtrace in Solaris 10.
I suppose you could write a wrapper around 'rm', place it in a directory such as /usr/local/bin and put /usr/local/bin in your users' $PATH before /usr/bin, but such things might be dangerous :-)
.7/M.
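An added example, not written by any poster in this thread: a small shell/awk summary of the /var/adm/sulog records discussed above, listing successful switches to root and counting failed attempts per user pair. It assumes the usual sulog line layout `SU MM/DD HH:MM +|- tty fromuser-touser`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the assumed sulog layout:
#   SU MM/DD HH:MM <+ success | - failure> <tty> <fromuser>-<touser>
sample_sulog() {
cat <<'EOF'
SU 11/26 09:14 + pts/2 thamarai-root
SU 11/26 09:20 - pts/3 guest1-root
SU 11/26 09:21 - pts/3 guest1-root
SU 11/26 22:47 + console root-oracle
SU 11/27 05:40 - pts/1 web-admin-root
this line is damaged
EOF
}

# summarize_sulog: reads sulog lines on stdin and prints
#   ROOT <date> <time> <tty> <from>   each successful su to root
#   FAIL <from> <to> <count>          failed attempts per user pair
#   SKIP <n>                          lines that did not fit the layout
summarize_sulog() {
  awk '
    $1 != "SU" || NF != 6 || ($4 != "+" && $4 != "-") { skipped++; next }
    {
      # Split the last field at its final hyphen. A target account whose
      # name itself contains "-" cannot be told apart in this format.
      s = $6; i = 0
      while ((p = index(substr(s, i + 1), "-")) > 0) i += p
      if (i <= 1 || i == length(s)) { skipped++; next }
      from = substr(s, 1, i - 1); to = substr(s, i + 1)
      if ($4 == "-") fail[from " " to]++
      else if (to == "root") printf "ROOT %s %s %s %s\n", $2, $3, $5, from
    }
    END {
      for (k in fail) printf "FAIL %s %d\n", k, fail[k]
      if (skipped) printf "SKIP %d\n", skipped
    }'
}

# On a Solaris host (as root): summarize_sulog < /var/adm/sulog
# With the constructed sample:  sample_sulog | summarize_sulog
```

sulog records no year, so pair the output with `last` when the date range matters.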