security
Michael Cronenworth
mike at cchtml.com
Tue Mar 11 19:21:50 UTC 2014
Dustin Kempter wrote:
> we looked at the .bash_history file for postgres and see no entries for pg_ctl
> however we do see the service stop command in the root .bash_history file, but
> we have no timestamps in the bash_history file
Add this to a file in /etc/profile.d/mycustom.sh:
export HISTTIMEFORMAT="%F %r "
However, this will only catch future timestamps.
>
> Are there other log files we can leverage for this search?
The "last" command will present you with a list of logins that include user,
time, and location (local or remote with IP address).
Unfortunately RHEL/CentOS do not have verbose logging by default so there is not
much else to look at. SystemD (RHEL7) will have service start/stop logging so
we're getting better.
Also, remember that things like ~/.bash_history are user-editable so they are
not always reliable. If the user has root access they can change any log, too.
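
Added example (not part of the original message): once HISTTIMEFORMAT is set, bash writes each entry's time to the history file as a "#<epoch>" line ahead of the command. The Python below reads that format and lists stop commands with their UTC times; the sample history, the function names and the command pattern are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of a root ~/.bash_history (not data from the thread).
# The first entry predates HISTTIMEFORMAT, so it has no "#<epoch>" line.
SAMPLE_HISTORY = """\
ls /var/lib/pgsql
#1394560800
tail /var/log/messages
#1394561100
service postgresql stop
#1394561160
last -n 20
"""

TIMESTAMP = re.compile(r"^#(\d{9,})$")
# Commands of interest for this thread; extend the pattern as needed.
STOP_CMD = re.compile(r"\b(service\s+\S+\s+stop|systemctl\s+stop\b|pg_ctl\b.*\bstop\b)")


def parse_history(text):
    """Return [(datetime or None, command)] from bash history text.

    A "#<epoch>" line stamps only the line right after it, so entries saved
    before timestamps were enabled (and continuation lines of multi-line
    commands) come back with None rather than a guessed time.
    """
    entries, pending = [], None
    for line in text.splitlines():
        m = TIMESTAMP.match(line)
        if m:
            pending = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            continue
        if line.strip():
            entries.append((pending, line))
        pending = None
    return entries


def find_stops(entries):
    """Entries whose command looks like a service stop."""
    return [(ts, cmd) for ts, cmd in entries if STOP_CMD.search(cmd)]


if __name__ == "__main__":
    for ts, cmd in find_stops(parse_history(SAMPLE_HISTORY)):
        print(ts.isoformat() if ts else "no timestamp", cmd)
```

The times are only as trustworthy as the history file itself, so compare them against login records from "last" before relying on them.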