小智 10
当您创建新用户时,请查看/var/log/auth.log; 细节在那里。例如,我刚刚通过运行创建了新用户jimsudo adduser jim,这是在结尾处auth.log(我已从日志的开头删除了日期和主机名):
sudo: mike : TTY=pts/2 ; PWD=/home/mike ; USER=root ; COMMAND=/usr/sbin/adduser jim
sudo: pam_unix(sudo:session): session opened for user root by mike(uid=1000)
groupadd[1731]: group added to /etc/group: name=jim, GID=1001
groupadd[1731]: group added to /etc/gshadow: name=jim
groupadd[1731]: new group: name=jim, GID=1001
useradd[1735]: new user: name=jim, UID=1001, GID=1001, home=/home/jim, shell=/bin/bash
passwd[1742]: pam_unix(passwd:chauthtok): password changed for jim
passwd[1742]: gkr-pam: couldn't update the login keyring password: no old password was entered chfn[1743]: changed user 'jim' information
sudo: pam_unix(sudo:session): session closed for user root
这个特殊的日志非常有用,因为它记录了所有提升权限的使用,例如创建用户、运行Synaptic等,还记录了谁完成了这些操作。
| 归档时间: |
|
| 查看次数: |
10857 次 |
| 最近记录: |