This won't tell you when, but who:
whodunit.sh:
#!/bin/sh
for HOMEDIR in `ls /home`; do
echo "$HOMEDIR:"
grep $1
/home/$HOMEDIR/.bash_history;
done
Run with the offending application as a parameter:
whodunit some_bad_command
You might want to redirect output to a file or pipe it to more.
(This is assuming your users are using bash - generally a given in Linux.)
You could get an idea of when perhaps by looking at the timestamp of
.bash_history, when you find the offending users, and then the relative
placement of the command in .bash_history
Stew Benedict
At 09:29 AM 12/21/00 -0500, Charles Galpin wrote:
>If you know what the program does, and it doesn't run suid, you might be
>able to tell.
>
>For example, if the program generates temproray files with a predictable
>name you might be able to see the uid and time on the files.
>
>hope your day goes better :)
>charles
>
>On Thu, 21 Dec 2000, Jason Holland wrote:
>
>> Hmm, if you don't know the username, it would be slightly harder.
first, if
>> you know about what time the command was run, you can use last and also
>> check /var/log/messages to see who was logged in. then, go to their home
>> dir and see if they have a history file. course that depends on which
shell
>> they are using.
>>
>> Jason
>>
>> >
>> > Hi,
>> >
>> > Could someone please tell me how I can determine when a programs
>> > was run and
>> > who ran it?
>> > I hope this is possible. The parameters associated with it would be most
>> > helpful also. I need to find out who did a major dumb dumb.
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
>
>
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
