Quote:
Originally Posted by hariiyer
Where the user activity logs are stored in linux.
|
Please do an 'apropos' on your system for last, lastlog, lastb, wtmp, utmp, PAM, audit.
Quote:
Originally Posted by hariiyer
suppose when root user has changed permission, installation etcc. where do we find out these type of activities.
|
Installation by way of 'yum': /var/log/yum.log, /var/log/messages, by 'rpm' directly: nowhere, perm changes: nowhere unless passive (Aide) or active (Samhain, Auditd) audit mechanism was installed and their rules so configured. For statistics of logged user activity see 'ac', generic logging of user activity (commands) see 'rootsh'. Verify installation (hashes, perms, etc, etc) using package manager: 'rpm -qVva'.
