Single user mode/ Recovery mode logging CentOS 5.6

RHFanatic · 03-02-2016, 06:16 AM

Hello,

I'm trying to find out if someone without valid credentials gained access to my CentOS 5.6 machine. My research showed that it's possible when booting into single user mode, or by changing a password in /etc/shadow when booting from a bootable device.

I do have the reboot date and time. Will I find anything in the logs that would point out if anything like that happened?

Thanks.

John VV · 03-02-2016, 02:40 PM

seeing as 5.6 is 5 versions out of date
and is missing 4.5 YEARS!!!!! of security updates

there is a good chance

the current and only supported version in the old legacy support OS is 5.11