Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If you don't suspect malicious activity then you can look at the /root/.bash_history if you're using bash (if its malicious it won't show what you're looking for in all likelihood.) You could also identify all files on the drive that have been changed in a given time frame using find. If you suspect malicious activity and aren't a security expert I would suggest using rkhunter/chkrootkit at the least and verifying the integrity of ps and ls using your package manager (eg: rpm -v).
If you wish to provide additional information on exactly what you mean, I'm sure we can provide more information.
But i just want to know how can we check the changes after login as a root .
Its applicable for changes in file permissions , security setting etc...
And yet you still don't provide any information. See the post from unSpawn....
WHAT CHANGES? WHAT ARE YOU LOOKING FOR???
You're question is very vague. If you want to know EVERYTHING that changed, you'll have to install something like Tripwire, and have it check on a routine basis. Otherwise, like rweaver told you, check the .bash_history, and follow the other suggestions that were made to you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.