LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices



Reply
 
Search this Thread
Old 04-11-2005, 02:36 AM   #1
cmsisb
LQ Newbie
 
Registered: Mar 2005
Location: Pakistan
Posts: 4

Rep: Reputation: 0
root password reset log


Hi

Help Me plz. Someone changed my root password I want to check password resetting date and time.

Thanks,
Waheed
 
Old 04-11-2005, 04:08 AM   #2
|2ainman
Member
 
Registered: Mar 2004
Distribution: Slackware current, DSL 0.9.2
Posts: 133

Rep: Reputation: 15
You probably can't check the logs w/o having root access :-/
 
Old 04-11-2005, 05:10 AM   #3
cmsisb
LQ Newbie
 
Registered: Mar 2005
Location: Pakistan
Posts: 4

Original Poster
Rep: Reputation: 0
Local Administrator is another person may be he reset the root password. I want to check the root password resetting date and time olz. tell me the log file which contains the information regarding this. May be he changed the root password in single user mode. Plz. tell me the log file and its location.
Thanks.
 
Old 04-11-2005, 08:20 AM   #4
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 620

Rep: Reputation: 30
howzit

if u have a login u may type this cmd and it will tell u when ure machine was rebooted and when / where the last root login was. Type at the console < last >

The place to check for logs would be /va/log/secure and /var/log /messages

cheers
 
Old 04-14-2005, 03:21 PM   #5
cowboy_jake
Member
 
Registered: Apr 2005
Location: Texas
Distribution: RHEL 2.1,3.0,4.0
Posts: 39

Rep: Reputation: 15
The first thing I would do is check the date/time stamp on /etc/shadow to see when it was modified (as long as you haven't made any changes to it yourself).

Then use the "last" command to see if anybody logged in around that time

-Jake
 
Old 01-14-2013, 05:49 PM   #6
Adickel
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
I had this problem

I was searching the nets and found this thread when looking for a resolution for this, one of our nodes had its password changed and it wasn't documented anywhere, luckily we were still able to ssh to it from another trusted node and i found who changed the password for it by running:

history | grep passwd

This gave the person away because they weren't supposed to be logged in as root but ran "passwd" alone and changed the password then they ran "passwd <their username>" and gave them selves away .

Just a useful tip for anyone who might be troubleshooting this ( this was for RHEL 5.5 btw)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset Root password hbenway AIX 9 08-19-2008 05:13 PM
reset root password kapslock Debian 14 07-27-2006 08:08 AM
how to check root password reset log cmsisb Red Hat 1 04-11-2005 08:23 AM
How to protect Root password so it cannot be reset PAB Linux - Security 14 04-05-2005 08:05 AM
Reset Root password sdsouza Linux - Software 5 11-12-2003 05:50 PM


All times are GMT -5. The time now is 05:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration