LinuxQuestions.org


xombboxer 06-20-2011 07:15 AM

How find out PID of a command which is in history
 
If someone has done something wrong on a shared Linux machine and I want to find out who that person is, or the IP from which it was done, what are all the possible ways?

One possibility I thought of was to get the PID of the command and get other details from that PID?

Reuti 06-20-2011 07:32 AM

You mean by "shared machine" also a "shared user account"?

chrism01 06-20-2011 06:59 PM

If the command is no longer running, you won't have the PID; it's not (normally) stored in the HISTORY file, although you may be able to set that.
You probably want to start with the log files (/var/log/*), looking for entries around the time you think something happened.
If you have a specific question in mind, please tell us for better directions.

ssrameez 06-21-2011 02:05 AM

/var/log/messages and other log files in /var/log will provide an insight into what has happened on your system: who has logged in, how a user logged in, etc.

If you want to capture the PIDs, then you might need to write a script and log it. But that is not a nice idea to go ahead with, considering performance and space constraints.
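
The log-file approach suggested in the replies above, as an added example (not code from any poster in this thread): it reads sshd lines in the traditional syslog format, as found in /var/log/secure or /var/log/auth.log on many distributions, and lists which SSH sessions were open at a given time, with user, source IP and sshd PID. The log format, host name, users, addresses and PIDs are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumed format: traditional syslog lines written by OpenSSH sshd with PAM.
LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
CLOSED = re.compile(r"session closed for user \S+")

# Constructed sample lines (documentation addresses, made-up users and PIDs).
SAMPLE_LOG = """\
Jun 20 06:40:02 box sshd[4100]: Accepted publickey for alice from 192.0.2.10 port 50111 ssh2
Jun 20 06:40:02 box sshd[4100]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jun 20 06:52:47 box sshd[4188]: Accepted password for bob from 198.51.100.7 port 40222 ssh2
Jun 20 06:55:10 box sshd[4100]: pam_unix(sshd:session): session closed for user alice
Jun 20 07:05:31 box sshd[4230]: Failed password for root from 203.0.113.5 port 33900 ssh2
Jun 20 07:20:00 box sshd[4301]: Accepted password for carol from 192.0.2.44 port 41000 ssh2
Jun 20 07:30:12 box sshd[4188]: pam_unix(sshd:session): session closed for user bob
""".splitlines()

def sessions_open_at(lines, incident):
    """Return the SSH sessions that were open at the datetime `incident`."""
    open_by_pid, seen = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so borrow it from the incident time.
        when = datetime.strptime(f"{incident.year} {m[1]}", "%Y %b %d %H:%M:%S")
        pid, msg = int(m[2]), m[3]
        accepted = ACCEPTED.search(msg)
        if accepted:
            rec = {"user": accepted[2], "ip": accepted[3], "method": accepted[1],
                   "sshd_pid": pid, "login": when, "logout": None}
            open_by_pid[pid] = rec  # a reused PID starts a fresh record
            seen.append(rec)
        elif CLOSED.search(msg) and pid in open_by_pid:
            open_by_pid.pop(pid)["logout"] = when
    return [s for s in seen
            if s["login"] <= incident
            and (s["logout"] is None or incident <= s["logout"])]

if __name__ == "__main__":
    for s in sessions_open_at(SAMPLE_LOG, datetime(2011, 6, 20, 7, 10)):
        print(s["login"], s["user"], s["ip"], "sshd pid", s["sshd_pid"])
```

A session with no logout line is treated as still open, which also covers logs that were rotated before the session ended.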

ssrameez 06-21-2011 02:09 AM

Also there is a software called PowerBroker. But it is not freeware.

Check the link http://www.linuxforums.org/forum/sec...ternative.html

--Rameez

