unSpawn |
05-20-2008 07:42 AM |
Quote:
Originally Posted by hariiyer
(Post 3159028)
Where the user activity logs are stored in linux.
|
Please do an 'apropos' on your system for last, lastlog, lastb, wtmp, utmp, PAM, audit.
Quote:
Originally Posted by hariiyer
(Post 3159028)
suppose when root user has changed permission, installation etcc. where do we find out these type of activities.
|
Installation by way of 'yum': /var/log/yum.log, /var/log/messages, by 'rpm' directly: nowhere, perm changes: nowhere unless passive (Aide) or active (Samhain, Auditd) audit mechanism was installed and their rules so configured. For statistics of logged user activity see 'ac', generic logging of user activity (commands) see 'rootsh'. Verify installation (hashes, perms, etc, etc) using package manager: 'rpm -qVva'.
|