Continue to Site

Welcome to EDAboard.com

Welcome to our site! EDAboard.com is an international Electronics Discussion Forum focused on EDA software, circuits, schematics, books, theory, papers, asic, pld, 8051, DSP, Network, RF, Analog Design, PCB, Service Manuals... and a whole lot more! To participate you need to register. Registration is free. Click here to register now.

In LINUX how to identify which User has delete the file from a directory

Status
Not open for further replies.

Jayavijayan

Newbie level 1
Joined
Jul 31, 2013
Messages
1
Helped
0
Reputation
0
Reaction score
0
Trophy points
1
Activity points
9
In LINUX how to identify which User has deleted the file from a directory

Hi All,

Someone deleted a file from the directory, I have restored the file based upon the backup file with the same name. But I want to know who deleted the file & when it was deleted. Please advise

Thanks,
Jay
 

How user can delete files? Did you give them /root password/ ?
 

Try this :

Code:
find /home | grep bash_history | xargs grep "rm"

+++
 

Most Linux systems now (kernel 2.6+ i think) support auditing using the "audit" daemon. I am not sure about the default configurations on your distro but you can configure to monitor your file system or a folder for changes (read write delete ...etc) and many other things and it will report such activities in its log file (under Fedora it is /var/log/audit/audit.log)

Regular users has no access to the log, but if users had root access then they can delete that log and you cannot track them easily
 

Status
Not open for further replies.

Similar threads

Part and Inventory Search

Welcome to EDABoard.com

Sponsor

Back
Top