Volume group got deleted, how to check who deleted it?
Need a little help here in a confusion :)
The rootvg has been deleted from a server, I have to prove that I did not do it which is true!!
Can I get the username used to delete that vg from that server?
If so, how?
Also, if all the users are in that vg, I mean the home directories of all the users were in an lv that was created from that vg, then how did they delete it while being logged into the same vg?
If you don't already know how to find out (i.e. you deliberately configured good auditing), there is not really any good way. Most likely it was "root", which is hardly useful, but you can find out who used su / sudo at around the time from /var/log/secure so that might be useful.
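The check suggested in the answer above, as an added example that is not part of the original thread: list who used su / sudo inside a time window. The log lines, host, user names and window are constructed, and the parsing assumes the traditional syslog timestamp format in /var/log/secure.

```shell
#!/bin/sh
# Constructed sample in /var/log/secure format (not real data).
sample_log() {
cat <<'EOF'
Mar  4 09:15:02 host1 sshd[2210]: Accepted password for carol from 192.0.2.10 port 50122 ssh2
Mar  4 13:58:40 host1 su: pam_unix(su-l:session): session opened for user root by bob(uid=1001)
Mar  4 14:02:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/messages
Mar  4 14:05:30 host1 sshd[2301]: Accepted password for dave from 192.0.2.11 port 50200 ssh2
Mar  4 16:45:00 host1 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/ls
Mar  5 14:01:00 host1 su: pam_unix(su-l:session): session opened for user root by erin(uid=1003)
EOF
}

# priv_events FILE MONTH DAY FROM TO
# Prints "time<TAB>tool<TAB>invoking user<TAB>detail" for each su/sudo event
# on MONTH DAY between FROM and TO (HH:MM:SS, inclusive). FILE may be "-".
priv_events() {
    awk -v mon="$2" -v day="$3" -v from="$4" -v to="$5" '
    # Skip lines outside the requested day and time window.
    $1 != mon || $2 + 0 != day + 0 || $3 < from || $3 > to { next }
    {
        tag = $5                      # program tag: "sudo:", "su:", "su[1234]:"
        sub(/\[[0-9]+\]/, "", tag)
        sub(/:$/, "", tag)
    }
    # sudo records the invoking user and the command that was run.
    tag == "sudo" && /COMMAND=/ {
        cmd = $0
        sub(/.*COMMAND=/, "", cmd)
        printf "%s\tsudo\t%s\t%s\n", $3, $6, cmd
    }
    # su only records that a session was opened and by whom.
    tag == "su" && /session opened for user/ {
        if (match($0, / by [^ (]+/)) {
            who = substr($0, RSTART + 4, RLENGTH - 4)
            printf "%s\tsu\t%s\tsession opened\n", $3, who
        }
    }' "$1"
}

# Demo on the constructed sample: events on Mar 4 between 13:30 and 14:30.
sample_log | priv_events - Mar 4 13:30:00 14:30:00
```

On a real host, pass /var/log/secure (and any rotated copies) as FILE instead of `-`; reading it normally requires root.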