- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Tracing hosts file entry modification
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2010 02:39 AM
тАО04-26-2010 02:39 AM
Tracing hosts file entry modification
Two days back some of the entries in the host file got deleted. So I need to know how we can trace this so that we can find who has modified the file at that time.
Need your urgent help regarding the same.
Thanks and Regards
Bharath
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2010 02:44 AM
тАО04-26-2010 02:44 AM
Re: Tracing hosts file entry modification
Without auditing, you really can't trace it.
I suppose you could look to see who login to root at that time or look at the shell history files or possibly anyone who did su or sudo.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2010 02:49 AM
тАО04-26-2010 02:49 AM
Re: Tracing hosts file entry modification
Is there any command for checking the same. Also let me know how can I enable audut.log and also how frequently it grows.
Thanks and Regards
Bharath
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2010 02:59 AM
тАО04-26-2010 02:59 AM
Re: Tracing hosts file entry modification
To enable auditing you have to convert to "trusted" your system. Yo can do it through SAM. If yo go to the audit zone in SAM it will ask you to convert the system.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-26-2010 03:10 AM
тАО04-26-2010 03:10 AM
Re: Tracing hosts file entry modification
Not after the fact, if you don't have auditing or have sudo.
You can only make some guesses based on the logs.
But it would be far easier just to ask the few sysadmins.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-27-2010 10:32 PM
тАО04-27-2010 10:32 PM
Re: Tracing hosts file entry modification
I have checked through SAM regarding adding it as the trusted system. I would like to know if I add as trusted system, is there any impact on network configuration or reachability to customer systems or there will configuration changes on systems side.
Kindly need your suggestions or help regarding the same.
Thanks and Regards
Bharath
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2010 12:06 AM
тАО04-28-2010 12:06 AM
Re: Tracing hosts file entry modification
There shouldn't be.
You may have users that think they have passwords longer than 8 chars that won't work.
You still need to turn on auditing and that will require careful monitoring of the massive amount of space used.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2010 12:17 AM
тАО04-28-2010 12:17 AM
Re: Tracing hosts file entry modification
Just in case, do not log off root after converting the system. If you have any problem loging into the system as root, you can fix it or even unconvert the system because you are still logged. So, after the conversion, try to log in the system with a new session.
Be sure that you have these lines right defined in your "/etc/nsswitch.conf":
passwd: files
group: files
instead of:
passwd: compat
group: compat
I have recently converted a system and I couldn't login as root because I had these to lines as "compat".
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2010 02:31 AM
тАО04-28-2010 02:31 AM
Re: Tracing hosts file entry modification
If /etc/nsswitch.conf file not persent, create it by copying from /etc/nsswitch.compat: then make changes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2010 02:42 AM
тАО04-28-2010 02:42 AM
Re: Tracing hosts file entry modification
I have below contents under nsswitch.compat
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
passwd: compat
group: compat
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis [NOTFOUND=return] files
automount: files nis
aliases: files nis
services: nis [NOTFOUND=return] files
Kindly let me know what needs to be done in this file.
Regards