on 06-25-2009 8:02 AM
Hi Experts,
In my system, somebody tampered with the directories, and moreover somebody deleted the bin directory under /usr/sap/trans in the Unix operating system. Now I am checking to find out who deleted it and looking for more logs.
I am unable to find the user name and the logs for the deleted directory. I know it is completely related to the Unix level, but in the meantime I am searching for the same.
Any ideas and clues will be highly appreciated.
-Srini
Thanks guys for your valuable time. It was very helpful to get the details. Thanks to all.
Hi Srini
The history command and/or the syslog files will help in finding this.
Thanks,
Srini.
Depending on OS and shell, you may want to check .sh_history or .history from the user's home directory. You can simply cat these files.
Knowing the OS would have been helpful.
First ask the people around you if anybody did it, maybe he is man enough to admit...
Try to find out who logged at the time when the directory was deleted.
- check the OS syslog (/var/adm/syslog/syslog.log for HP-UX, /var/log/messages for Linux)
- try the last command to get a list of who logged on when
- check the command histories of the sidadm and root users; use the history command or the h alias
- check if there are scripts running, which regularly delete files
As the trans directory might be NFS mounted to other servers, you might need to do the checks there too.
Best regards, Michael
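Added example, not from any of the posts above: a POSIX shell helper that scans the history files mentioned in the replies for rm, rmdir, mv or unlink commands matching a path pattern. The function names, sample users and sample commands are constructed for illustration, and it assumes bash-style `#<epoch>` timestamp lines where a history file has them.

```shell
#!/bin/sh
# Added example: triage shell history files for delete/move commands.
# scan_history ERE FILE...  prints: file<TAB>epoch-or-dash<TAB>line<TAB>command
scan_history() {
    pat=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue            # skip missing or unreadable files
        awk -v pat="$pat" -v file="$f" '
            # bash writes "#<epoch>" before a command when HISTTIMEFORMAT is set
            /^#[0-9]+$/ { ts = substr($0, 2); next }
            {
                line = $0
                gsub(/[;&|()]/, " ", line)        # split chained commands
                n = split(line, w)
                hit = 0
                for (i = 1; i <= n; i++) {
                    c = w[i]; sub(/^.*\//, "", c) # /bin/rm -> rm
                    if (c == "rm" || c == "rmdir" || c == "mv" || c == "unlink") hit = 1
                }
                # report only delete/move lines that also match the path pattern
                if (hit && $0 ~ pat)
                    printf "%s\t%s\t%d\t%s\n", file, (ts == "" ? "-" : ts), NR, $0
                ts = ""
            }' "$f"
    done
}

# Constructed sample histories (hypothetical users and commands).
make_samples() {
    mkdir -p "$1/sidadm" "$1/root"
    printf '%s\n' 'ls -l /usr/sap/trans' 'cd /usr/sap/trans; rm -rf bin' \
        'pwd' > "$1/sidadm/.sh_history"
    printf '%s\n' '#1245916800' 'df -k' '#1245916920' \
        '/bin/rm -rf /usr/sap/trans/bin' > "$1/root/.bash_history"
}

# Run with --demo to scan the constructed samples in a temporary directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    scan_history 'trans|bin' "$d"/*/.sh_history "$d"/*/.bash_history
    rm -rf "$d"
fi
```

A full-path pattern misses deletions typed with a relative path after a `cd`, which is why the demo searches for `trans|bin`. History files are writable by their owner, so a hit is a lead to corroborate against `last` and the syslog rather than proof.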