Hi

In my production server im facing problem that frquently some one disabling vi /etc/hosts conf file. i had check out /var/log/messages i never got any symptom of that . i also check /var/log/xferlog that to i does int getting of any logs of modified details of hosts file.How can i place log for monitoring the last date of hosts file modified

Hello,

What exactly do you mean by disabling vi /etc/hosts? Are you the root user/administrator of that system?

Kind regards,

Eric

I have never heard disabling hosts file

or do you mean someone without your knowledge makes changes in hosts file?

you can use this command to check modification of file

Hi,
we had enabled root priviledge for few user .i found one of the user keep on changing the hosts file making out the database to fall .we are connected our server by using localhost in mysql.so server instant automatically getting stopping off .how can i get log if any one change the conf file of hosts .it seems the hosts modified logs never falls on anywhere on the system.how can i enable to get alert any one modified the hosts conf file

As per the answer of your question I don't believe any log file even if any exists can tell you what changes has been made.

As you said your server stops due to changes in hosts file you can check the hosts file using the stat command and ask the user not to make any changes without the permission of admin.

and any how hosts is not a .conf file so I don't believe there can be any log file but you can always look out for positive replies from other members here.

But my suggestion is what i said above.
look out for the user who is making changes and take appropriate action

Best of Luck

Hi,

One advice: limit root access to a strict minimum and setup sudo. Change file attributes on files you don't want to be changed.

If you set it up like that you could install syslog-ng and configure it to process your logs which can even send you mails. That'll save you a lot of trouble.

Kind regards,

Eric

1 members found this post helpful.

You can write a script using inotify, but what you're asking is really pointless.

If the user has root access, they can easily go in and disable/edit ANY logging you put in place, rendering all your efforts ineffective. EricTRA gave the best advice: limit root access, and if you're having problems with a particular user, take away their rights, and don't give them back. You can also use sudo to limit the commands they can run to a certain few, giving them root access to just a few commands, but not able to run anything else, like "vi /etc/hosts", or the like.

2 members found this post helpful.