How can I understand why the machine rebooted and who rebooted it?

Hi,
I have got a remote machine and 3 people know the root password.
Today I saw the uptime is only 1 day, so I looked with the last command.

Code:
#last
root ..........
root ..............
reboot -  - 
root ...........

Something like this, with nothing written such as "reboot crashed" etc.

How can I understand why my machine reboots and who reboots and which IP reboots my machine?
 
Unless they did a su(1), and therefore have an entry in the auth log, you will not know. I suggest using sudo for such a root-shared environment.
 
Don't. Because now you have no way of finding out who rebooted your machine. Disallow root logins, force everybody to log in with their own account and make them use su(1) or sudo(8).
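
Added example, not part of the original thread: a small Python check that lists who gained root shortly before a reboot, showing why a shared root login yields only a source IP while su(1) and sudo(8) yield a user name. The log lines, host, users, IPs and reboot time are constructed, and the syslog line formats for sshd, su and sudo are assumed to look like the samples.

```python
import re
from datetime import datetime, timedelta

# Constructed sample auth log lines (syslog style); all names and IPs are made up.
AUTH_LOG = """\
Mar  3 09:58:40 host sshd[811]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Mar  3 10:02:11 host sshd[845]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:03:05 host su[850]: alice to root on /dev/pts/1
Mar  3 10:04:30 host sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/reboot
Mar  2 08:00:00 host su[120]: carol to root on /dev/pts/0
"""
# Constructed reboot time, as it would be read from the "reboot" line of last(1).
REBOOT_AT = datetime(2023, 3, 3, 10, 5, 0)

# Each pattern recognises one way of becoming root.
PATTERNS = [
    ("direct-root-login",
     re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")),
    ("su", re.compile(r"\bsu(?:\[\d+\])?: (?P<user>\S+) to root on \S+")),
    ("sudo", re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*USER=root ; COMMAND=.+$")),
]

def root_events_before(log_text, reboot_at, window=timedelta(minutes=30)):
    """Return (time, kind, who) for each root-gaining event in the window before reboot_at."""
    events = []
    for line in log_text.splitlines():
        # Syslog timestamps carry no year; assume the year of the reboot.
        ts = datetime.strptime(f"{reboot_at.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if not (reboot_at - window <= ts <= reboot_at):
            continue
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m:
                d = m.groupdict()
                # A direct root login identifies a source address, not a person.
                who = d.get("user") or f"unknown person at {d['src']}"
                events.append((ts.strftime("%H:%M:%S"), kind, who))
                break
    return events

if __name__ == "__main__":
    for when, kind, who in root_events_before(AUTH_LOG, REBOOT_AT):
        print(f"{when}  {kind:<18} {who}")
```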
 
If you were really desperate you could enable auditing, it's in the handbook, it can tell you a lot of things. :)
 
It still would only tell you root rebooted it. Not who was logged in as root at that time.
 
I'm curious. Is the machine in question running FreeBSD or some other system?
If it is running FreeBSD, then do you have more than one user in wheel?
Did you create any non-privileged users or were any created?
 
SirDice said:
Don't. Because now you have no way of finding out who rebooted your machine. Disallow root logins, force everybody to log in with their own account and make them use su(1) or sudo(8).

zspider said:
If you were really desperate you could enable auditing, it's in the handbook, it can tell you a lot of things. :)

Thanks a lot, this can be helpful for next time activity :)
 