Single user mode / Recovery mode logging CentOS 5.6
Hello,
I'm trying to find out if someone without valid credentials gained access to my CentOS 5.6 machine. My research showed that it's possible when booting into single user mode, or by changing a password in /etc/shadow when booting from a bootable device.
I do have the reboot date and time. Will I find anything in the logs that would point out if anything like that happened?
Thanks.