Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Red Hat This forum is for the discussion of Red Hat Linux.


  Search this Thread
Old 04-11-2005, 02:36 AM   #1
LQ Newbie
Registered: Mar 2005
Location: Pakistan
Posts: 4

Rep: Reputation: 0
root password reset log


Help Me plz. Someone changed my root password I want to check password resetting date and time.

Old 04-11-2005, 04:08 AM   #2
Registered: Mar 2004
Distribution: Slackware current, DSL 0.9.2
Posts: 133

Rep: Reputation: 15
You probably can't check the logs w/o having root access :-/
Old 04-11-2005, 05:10 AM   #3
LQ Newbie
Registered: Mar 2005
Location: Pakistan
Posts: 4

Original Poster
Rep: Reputation: 0
Local Administrator is another person may be he reset the root password. I want to check the root password resetting date and time olz. tell me the log file which contains the information regarding this. May be he changed the root password in single user mode. Plz. tell me the log file and its location.
Old 04-11-2005, 08:20 AM   #4
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 622

Rep: Reputation: 30

if u have a login u may type this cmd and it will tell u when ure machine was rebooted and when / where the last root login was. Type at the console < last >

The place to check for logs would be /va/log/secure and /var/log /messages

Old 04-14-2005, 03:21 PM   #5
Registered: Apr 2005
Location: Texas
Distribution: RHEL 2.1,3.0,4.0
Posts: 39

Rep: Reputation: 15
The first thing I would do is check the date/time stamp on /etc/shadow to see when it was modified (as long as you haven't made any changes to it yourself).

Then use the "last" command to see if anybody logged in around that time

Old 01-14-2013, 05:49 PM   #6
LQ Newbie
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
I had this problem

I was searching the nets and found this thread when looking for a resolution for this, one of our nodes had its password changed and it wasn't documented anywhere, luckily we were still able to ssh to it from another trusted node and i found who changed the password for it by running:

history | grep passwd

This gave the person away because they weren't supposed to be logged in as root but ran "passwd" alone and changed the password then they ran "passwd <their username>" and gave them selves away .

Just a useful tip for anyone who might be troubleshooting this ( this was for RHEL 5.5 btw)


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset Root password hbenway AIX 9 08-19-2008 05:13 PM
reset root password kapslock Debian 14 07-27-2006 08:08 AM
how to check root password reset log cmsisb Red Hat 1 04-11-2005 08:23 AM
How to protect Root password so it cannot be reset PAB Linux - Security 14 04-05-2005 08:05 AM
Reset Root password sdsouza Linux - Software 5 11-12-2003 05:50 PM > Forums > Linux Forums > Linux - Distributions > Red Hat

All times are GMT -5. The time now is 01:15 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration