HPE Community
Operating System - HP-UX
1834150 Members
3584 Online
110064 Solutions
New Discussion

Re: URGENT HELP NEEDED - How do I check who accessed a file ?

 
Rudi Martin
Advisor

‎06-23-2004 08:44 PM

‎06-23-2004 08:44 PM

URGENT HELP NEEDED - How do I check who accessed a file ?

Hi there

I need to know how to check who accessed and tampered with a specific file on my system.

For example , let's say someone changed the /etc/password file , how can I check which user did it ?

Thanks
0 Kudos
Reply
3 REPLIES 3
Mark Grant
Honored Contributor

‎06-23-2004 08:59 PM

‎06-23-2004 08:59 PM

Re: URGENT HELP NEEDED - How do I check who accessed a file ?

THe only way to do that is to check any auditing logs you have. users .sh_history is a good one. su logs too.

If you are running a trusted system then I believe there a many more auditing logs you can look at.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎06-23-2004 09:03 PM

‎06-23-2004 09:03 PM

Re: URGENT HELP NEEDED - How do I check who accessed a file ?

Hi,
in addition to that check with "last" command to reveiw login's history.
# last -R
this will give you IP Addresses as well.

Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
Darren Prior
Honored Contributor

‎06-23-2004 09:06 PM

‎06-23-2004 09:06 PM

Re: URGENT HELP NEEDED - How do I check who accessed a file ?

Hi,

There are a number of security applications out there that could do this, otherwise you could enable auditing on a trusted system but this tends to produce a lot of data that you will have to sift through.

If it's the passwd file that you're worried about, then remember that people will be able to change their own entry when they change their password. If you're worried about someone changing other parts of the file then you need to reconsider who has access to the root password.

regards,
Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.