On Tue, 1 Apr 2003 18:25:06 +0200
Michael Schwendt <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 1 Apr 2003 08:41:06 -0500, Stone, Timothy wrote:
>
> > >
> > > Check /var/log/secure, your actions should have been logged
> > > there.
> > >
> >
>
> > Nothing but recent "sudo" actions. :( *Nothing* of my recent work
> in Users and Groups is logged there (when working as the
> authenticated root user). In a simple bid to secure the passwords of
> a number of users installed for various programs, i.e. user:mrtg
> password:mrtg, I changed many to a highly cryptic "offensive
> nonsense" phase 11 characters in length. These actions are *not*
> appearing in /var/log/secure
> >>>
>
> Well, useradd and userdel DO log when you add/remove a user or group
> account. But you didn't describe how you deleted a user. If, of
> course, you did it manually with a text editor, there would be no
> logs about that.
>
Look in /etc for files, such as:
passwd-
passwd.bak
passwd.OLD
passwd.rpmnew
These are previous 'copies' of /etc/passwd. If you have any of the
above files, then:
diff /etc/passwd /etc/passwd.bak
(or passwd-, or passwd.OLD, an so on); it
may give you an idea of what entries have changed recently, including
your deletion.
Regards,
Tom
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
