topic logs of userdel in Operating System - Linux

logs of userdel

skt_skt — Sat, 02 May 2009 12:30:09 GMT

Red Hat Enterprise Linux AS release 3 (Taroon Update 9)
Red Hat Enterprise Linux AS release 4 (Nahant Update 6)

I have a couple of systems where a particular user got deleted. So far not trace was found how the id is deleted(locally or remotly??)

is there a log in OS level which tracks those? Or which safe software/tool can do that

Re: logs of userdel

Ivan Ferreira — Sat, 02 May 2009 13:22:43 GMT

The log file is /var/log/secure. But this file is rotated, so, you have to search in old files also.

Re: logs of userdel

Basheer_2 — Sun, 03 May 2009 05:11:13 GMT

Also check the history files if they are set.

for ex: .sh_history in the users home dir.

Re: logs of userdel

mohamed.bouraoui — Sun, 03 May 2009 09:06:35 GMT

Dear friend,
now you have one solution to detect who do it, is to execute the command : history
the output of this command is to list all command did it , so you can log all what the user use if you install snoopy opensource,
it's very usefull for you. but I think that works only in redhat 3, I didn't try it in redhat 4.
good luck