additional info, man 8 shutdown and look for ACCESS CONTROL.
--edel On 10/11/07, jan gestre <[EMAIL PROTECTED]> wrote: > > > On 10/10/07, Sir June <[EMAIL PROTECTED]> wrote: > > > > > > > > # last > > > > webuser pts/0 10.6.56.17 Tue Oct 9 13:29 - 19:23 (05:53) > > reboot system boot 2.4.21-47.0.1.EL Tue Oct 9 13:27 (1+00:04) > > webuser pts/1 nothing.domain.c Tue Oct 9 12:47 - 12:49 (00:02) > > > > so is this via reboot command from the cli? > > > > > This output tells you that probably webuser was the one who did a system > reboot or shutdown but it won't tell you what method he used, the user > reboot automatically logs in whenever there is a system restart. > > The best way to audit unauthorized system restarts are: > > 1. To disable the three finger salute (ctrl+alt+del) by editing the > /etc/inittab then commenting out this line: > > # ca::ctrlaltdel:/sbin/shutdown -t3 -r now > > 2. Secure the box in a room or some form of enclosure so that nobody can > press the restart button. > > As for the OS restarting by itself, check the logs, e.g., dmesg, you can > determine an unclean shutdown just by looking at dmesg. > > You can also disable the reboot and poweroff command or have the commands > executable only by root by using chmod. > > HTH > > -- > http://jangestre.wordpress.com > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
