security
Dustin Kempter
dustink at consistentstate.com
Tue Mar 11 18:38:55 UTC 2014
We've looked in /var/log/messages, and in the /var/log/security file.
No smoking gun; the only thing we have so far is this.

In the postgres log we see this:

2014-03-07 15:58:09 MST [27223]: [18-1] db=,user=,host= LOG: received smart shutdown request

This indicates the db received a shutdown request. This can only be run 2 ways:
1) via pg_ctl as the postgres user
2) as a service as root

We looked at the .bash_history file for postgres and see no entries for pg_ctl.
However, we do see the service stop command in the root .bash_history file, but we have no timestamps in the bash_history file.

Are there other log files we can leverage for this search?

On Tue, Mar 11, 2014 at 11:30 AM, Dustin Kempter <dustink at consistentstate.com> wrote:
> Hi,
>
> we have a server (CentOS 6.4) running PostgreSQL, recently someone shut
> the db down and we want to find out who did this...
>
> I see the db shutdown request in the postgresql log, and I suspect it was
> run as root (as a service) because we do not see any relevant shutdown
> commands in the postgres user's bash history file
>
> Can someone point me in the right direction per figuring this out, who ran
> the command (I suspect it was root)? If so, where did the offending login
> come from (I.P.)? etc...
>
> Thanks
>
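
Added example, not part of the original post: one way to tie the shutdown timestamp from the PostgreSQL log to SSH sessions recorded in the sshd authentication log (/var/log/secure on a stock CentOS 6 install). The shutdown line is the one quoted above; the auth log lines, host name, users and addresses are constructed, and the function names are hypothetical. It assumes both logs use the same local time zone.

```python
import re
from datetime import datetime

# Constructed sample data: the shutdown line is the one quoted in the post;
# the /var/log/secure lines (host, users, addresses) are invented for illustration.
PG_LINE = ("2014-03-07 15:58:09 MST [27223]: [18-1] db=,user=,host= LOG: "
           "received smart shutdown request")
SECURE = """\
Mar  7 15:41:02 db01 sshd[26990]: Accepted password for alice from 192.0.2.15 port 50122 ssh2
Mar  7 15:41:02 db01 sshd[26990]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  7 15:49:30 db01 sshd[26990]: pam_unix(sshd:session): session closed for user alice
Mar  7 15:52:17 db01 sshd[27101]: Accepted publickey for root from 198.51.100.7 port 40211 ssh2
Mar  7 15:52:17 db01 sshd[27101]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  7 16:10:44 db01 sshd[27101]: pam_unix(sshd:session): session closed for user root
""".splitlines()

PG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \[\d+\]: .*shutdown request")
SSHD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPT_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

def shutdown_time(pg_line):
    """Return the timestamp of a PostgreSQL shutdown-request log line."""
    m = PG_RE.match(pg_line)
    if not m:
        raise ValueError("not a shutdown request line")
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")

def sessions_open_at(secure_lines, when):
    """List (user, source, method, login_time) for SSH sessions open at `when`.
    Assumption: syslog lines carry no year, so the year of `when` is used."""
    sessions = {}  # sshd pid -> [user, source, method, start, end]
    for line in secure_lines:
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{when.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        acc = ACCEPT_RE.search(msg)
        if acc:
            sessions[pid] = [acc.group(2), acc.group(3), acc.group(1), ts, None]
        elif "session closed for user" in msg and pid in sessions:
            sessions[pid][4] = ts
    return [(u, src, meth, start) for u, src, meth, start, end in sessions.values()
            if start <= when and (end is None or end >= when)]

if __name__ == "__main__":
    for user, src, meth, start in sessions_open_at(SECURE, shutdown_time(PG_LINE)):
        print(f"{user} from {src} via {meth}, logged in {start}")
```

A session that was open at the shutdown time narrows the list of candidates and gives a source address; it does not by itself show which session issued the command.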