LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-12-2008, 04:15 AM   #1
unihiekka
Member
 
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273

Rep: Reputation: 32
who used rm


On our server some idiot removed a couple of files of persons who did not "secure" their personal folders with chmod. Is it possible to find out who used the rm command on these files or can we not catch the culprit anymore?
 
Old 11-12-2008, 04:17 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
not retrospectively, no. you could use auditing from the off but after the event it's going to be too late if you didn't knowingly enable services to track it.
 
Old 11-12-2008, 04:26 AM   #3
Revanth GC
LQ Newbie
 
Registered: Nov 2008
Posts: 3

Rep: Reputation: 0
Exclamation

How can one enable the auditing..please share the procedure.
 
Old 11-12-2008, 05:18 AM   #4
dv502
Member
 
Registered: Sep 2006
Location: USA - NYC
Distribution: Whatever icon you see!
Posts: 642

Rep: Reputation: 57
What you are looking for is called process accounting.

http://www.cyberciti.biz/tips/howto-...ccounting.html

The link above gives instructions on setting up process accounting for red hat, ubuntu or debian and some examples on usage.

Note: Process accounting does not prevent the person(s) from repeating the act. It's up to the sysadmin to secure the file
system to the best of his/her knownledge.

The user can protect their home folder by doing chmod -R 700 on their home folder.

If they wish to share a folder with a group or everyone on the system, he/she can add the sticky bit to the folder which allows a user to delete their own files and no one else.

- Cheers

Last edited by dv502; 11-12-2008 at 06:29 AM.
 
Old 11-12-2008, 06:10 AM   #5
cornish
Member
 
Registered: May 2005
Location: Sussex, England
Distribution: Ubuntu 7.10
Posts: 131

Rep: Reputation: 15
Bit of a long shot can you check the bash history for the users?
 
Old 11-12-2008, 06:20 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
duh. why didn't i think of that. if it's a act of ignorance, then it's probably in there. if it's malicious, more likely to have been erased from history.
 
Old 11-12-2008, 06:58 AM   #7
Count Zero
Member
 
Registered: Feb 2008
Distribution: Debian wheezy
Posts: 130

Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie View Post
duh. why didn't i think of that. if it's a act of ignorance, then it's probably in there. if it's malicious, more likely to have been erased from history.
Unless, of course, it was a malicious act by an ignorant person. There's more then a few of those...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off




All times are GMT -5. The time now is 04:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration