RSS:
Publications
Comments

Who Changed the password – Unix – Linux

mudhalvan on January 22, 2010 Leave a Comment

How to find out who changed the password in Unix or Linux

We can check it in messages file in /var/log folder

Then Edit the file in those time and line and then before you will be able to know who logged into that server at what time from which IP address.

[root@TEST log]# pwd
/var/log
[root@TEST log]# cat messages |grep password
Jan 22 11:03:37 TEST passwd(pam_unix)[800]: password changed for oracle

Posted in Unix-Linux Administration | Tagged , , ,

Leave a Reply

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»