Is there a way to find out which user deleted a file and when?
Hi,
Recently we discovered a file located at the root of our web servers document directory (<apache2.0>/htdocs/w2 was missing. I'm trying to do some research as to who/what may have deleted the file and when. Is there a way to do this? I was thinking that investigating the .bash-history of root but was not sure if a user logged in as sudo writes to this file our their own. The only other thing I can think of is inspecting/grepping each users ./bash-history file.
Thanks
Richard
|